OWA Security Issue


  • OWA Security Issue

    My company has implemented Microsoft Exchange 2003 to provide email services within the organisation. Outlook 2003 is the standard email client, though facilities have been provided for users to access email remotely via a Web browser using Outlook Web Access.
    Outlook Web Access is provided to external clients via Microsoft ISA Server installed on PERGW01 (Gateway server). PERGW01 is configured with a server publishing rule that reverse proxies PEREX01 (Exchange Server) to an external URL Https:// Users establish an encrypted SSL session to PERGW01 and then use basic authentication to authenticate through to PEREX01.

    The issue I have is I've noticed that if you log on through OWA and then log off, firstly the username and password dialog box pops back up, and secondly if I hit the back button I go straight back into OWA without any password request. This could be very dangerous for my remote users accessing from internet cafes etc.
    Can anyone shed some light on the possible issue?
    Sorry if I have posted to the wrong section.
    Regards Boomer

  • #2
    Re: OWA Security Issue

    Two things.

    1. Ensure that ANONYMOUS authentication is enabled to the /exchweb virtual directory. You may have to check that on both the ISA machine and the Exchange server itself. That will stop the popup authentication box on logoff of OWA.

    2. Enable forms based authentication. Again this can be done on either the ISA or the Exchange server itself. That stops the go back issue and when the user logs out, the session is closed.

    Simon Butler
    Exchange MVP


    Sembee is a registered trademark, used here with permission.
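
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Exchange or ISA code: a simplified Python model of why the Back button still opens the mailbox under basic authentication and stops doing so under forms-based authentication. The class names, the account and the status codes are assumptions chosen for illustration.

```python
import base64, hmac, secrets

USERS = {"boomer": "s3cret"}  # constructed test account

def check(user, pw):
    return user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())

class BasicServer:
    """Stateless: each request is authorised purely by its Authorization header."""
    def handle(self, req):
        scheme, _, blob = req.get("Authorization", "").partition(" ")
        if scheme == "Basic":
            user, _, pw = base64.b64decode(blob).decode().partition(":")
            if check(user, pw):
                return 200
        return 401                      # browser shows the credential dialog
    def logoff(self, req):
        pass                            # no server-side state exists to revoke

class FormsServer:
    """Forms-based: logon issues a session cookie the server can invalidate."""
    def __init__(self):
        self.sessions = set()
    def logon(self, user, pw):
        if not check(user, pw):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions.add(sid)
        return sid
    def handle(self, req):
        return 200 if req.get("Cookie") in self.sessions else 302  # 302 = back to logon form
    def logoff(self, req):
        self.sessions.discard(req.get("Cookie"))

def back_button_after_logoff(mode):
    """Log on, log off, then replay the request the way the Back button does."""
    if mode == "basic":
        server = BasicServer()
        cred = base64.b64encode(b"boomer:s3cret").decode()
        browser = {"Authorization": "Basic " + cred}   # cached until the browser closes
    else:
        server = FormsServer()
        browser = {"Cookie": server.logon("boomer", "s3cret")}
    assert server.handle(browser) == 200               # mailbox opens
    server.logoff(browser)
    return server.handle(browser)                      # same window, Back pressed

if __name__ == "__main__":
    for mode in ("basic", "forms"):
        print(mode, back_button_after_logoff(mode))
```

Under basic authentication the browser keeps resending the cached credentials, so the only reliable logoff on a shared machine is closing every browser window.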