Bypassing Forms Based Authentication

Home Forums Messaging Software Exchange 2000 / 2003 Bypassing Forms Based Authentication

This topic contains 3 replies, has 2 voices, and was last updated by Avatar jmkirk 13 years, 3 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • Avatar
    jmkirk
    Member
    #113617

    I have Exch 2003 setup where domain users access OWA internally form local LAN PCs. This is done through a desktop icon as an IE shortcut. As they are domain autenticated users, the link goes straight into their OWA session. This is how its designed to work.
    We require those same people to be able to access OWA externally. For this external access I want to use Forms Based Autentication. If I enable this it works fine but the local LAN access now forces FBA as well.

    Anyone know of an approach to use FBA for external access and integrated autentication of internal access on the same server instance of owa. If the approach needs a second virtual server instance of owa how do I go about setting this up.

    the server is dual homed and the owa server instance is bound to both the internal IP address and the external ip address.

    Any help appriciated

    Avatar
    Sembee
    Member
    #255016

    Re: Bypassing Forms Based Authentication

    The way that I would probably suggest is to use an ISA or a frontend server. You can then offload the forms based page to that server.

    You could try setting up a second virtual server for OWA. You must do it through ESM, not IIS Manager.
    ESM, Servers, , Protocols, HTTP.
    Right click and choose New, Virtual Server. You will need to give it a name and assign it an IP address. Don’t change anything else to begin with.

    Simon.

    Avatar
    jmkirk
    Member
    #279256

    Re: Bypassing Forms Based Authentication

    Thanks for the advice Simon.
    I have now got it set up and working. 2 instances of OWA one listening on internal IP without FBS one listening on external IP with FBS enabled. Internal access for authenticated domain users goes strainght to their OWA session. External access presents FBA. However, it required more than just setting up a second HTTP virtual; server in ESM all corresponding subdirectories etc which appeared in the original exchange HTTP server and in the IIS site tree had to be recreated. The best way I found to do this in IIS was to save the configuration from the original locations and then recreate in the new site from file. In ESM I had to manually recreate all the subdirectories. All settings remained the same for both original and second instances except for the listening IP differences.

    Avatar
    Sembee
    Member
    #255023

    Re: Bypassing Forms Based Authentication

    I am not surprised that there was more to it. I don’t actually do it as a rule, as I have mixed results when trying to make the changes. You can also get issues with other parts of Exchange – RPC over HTTPS, Exchange ActiveSync etc.

    Simon.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.