Announcement

Collapse
No announcement yet.

Bypassing Forms Based Authentication

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bypassing Forms Based Authentication

    I have Exch 2003 setup where domain users access OWA internally form local LAN PCs. This is done through a desktop icon as an IE shortcut. As they are domain autenticated users, the link goes straight into their OWA session. This is how its designed to work.
    We require those same people to be able to access OWA externally. For this external access I want to use Forms Based Autentication. If I enable this it works fine but the local LAN access now forces FBA as well.

    Anyone know of an approach to use FBA for external access and integrated autentication of internal access on the same server instance of owa. If the approach needs a second virtual server instance of owa how do I go about setting this up.

    the server is dual homed and the owa server instance is bound to both the internal IP address and the external ip address.

    Any help appriciated

  • #2
    Re: Bypassing Forms Based Authentication

    The way that I would probably suggest is to use an ISA or a frontend server. You can then offload the forms based page to that server.

    You could try setting up a second virtual server for OWA. You must do it through ESM, not IIS Manager.
    ESM, Servers, <your server>, Protocols, HTTP.
    Right click and choose New, Virtual Server. You will need to give it a name and assign it an IP address. Don't change anything else to begin with.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Bypassing Forms Based Authentication

      Thanks for the advice Simon.
      I have now got it set up and working. 2 instances of OWA one listening on internal IP without FBS one listening on external IP with FBS enabled. Internal access for authenticated domain users goes strainght to their OWA session. External access presents FBA. However, it required more than just setting up a second HTTP virtual; server in ESM all corresponding subdirectories etc which appeared in the original exchange HTTP server and in the IIS site tree had to be recreated. The best way I found to do this in IIS was to save the configuration from the original locations and then recreate in the new site from file. In ESM I had to manually recreate all the subdirectories. All settings remained the same for both original and second instances except for the listening IP differences.

      Comment


      • #4
        Re: Bypassing Forms Based Authentication

        I am not surprised that there was more to it. I don't actually do it as a rule, as I have mixed results when trying to make the changes. You can also get issues with other parts of Exchange - RPC over HTTPS, Exchange ActiveSync etc.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment

        Working...
        X