Forum Discussion
OWA forms authentication
Ok... so far two posts.. so far two 'you can't do that'..hmm.. not my month.
We have OWA 2003 (outlook web access for those non-microsoft folk) using forms based authentication. We provide that access inside our company and on the Internet. For users of the Firepass VPN (which gives access to other resources) we would like to make their access to OWA a favorite link that would not require them to re-authenticate. Does anyone have a URL syntax that uses the %username% %password% variables that works with OWA. I tried to submit them as POST to owaauth.dll, but that does not work; it simply returns a 0 byte responce.
The "deployment guide" for Exchange shows setting up a happy web application, but does not support spoofing the login with forms based authentication. As anyone with OWA knows, you don't want to go back to HTTP authentication for users (which is easy to spoof with the Firepass) because this opens you up badly to things like nessus scripts which will find the header and start slapping you around. We don't want to setup another Exchange frontend for this for obvious reasons.
Thanks again smart people..
John
- OK... answered my own question.. The answer is.. you don't.
Assuming you are setting up your Exchange plant per MS best practices, you have OWA available to you on your home server (where your mailbox store is) via HTTP. The home server will use HTTP Basic or NTLM auth which Firepass spoofs just fine.
We are however back to the question.. How do I get AD variables and parse them (because I can find your Exchange home server this way) and use those variables in the Farvorites for both web and windows files links in Firepass. Anyone got that one?
John 
Jon_31531Nimbostratus
Hey John
Ever get an answer to this?
