814 CHAPTER 21 DEPLOYING OUTLOOK WEB ACCESS Without enabling this forms-based authentication, users are presented with a regular Internet Explorer authentication dialog box: When the user logs in, these credentials are cached and sent to the server each time an HTTP request is sent to the server. The credentials are sent to the server in the HTTP Authorization header; this header looks something like this: HTTP: Authorization =Basic dm9sY2Fub3N1cmZcam1jYmVlOkJlbGwuMjIy The browser continues to cache these credentials for as long as the browser window is open. This introduced lots of problems with Exchange 2000 OWA when users would check their e-mail, connect to a few other URLs, and then leave the computer without closing the browser window. Someone else could come along and click Back a few times and get into that user s mailbox. That is why it was so important for the user to close the browser window when they were through checking their mail via OWA. Forms-based authentication (also sometimes called cookie-based authentication) handles authentication by assigning the user a cookie. The cookie has an inactivity timer set that will automatically expire if the user stops accessing OWA unless the user is actually editing a message. This type of authentication also prevents users from checking the Remember My Password box and storing their password in the computer s protected store. Once the user clicks the Logout button, there is no way someone can click the Back button and return to the mailbox. To enable forms-based authentication, you need to edit the properties of the HTTP virtual server. Figure 21.6 shows the Settings property page of an HTTP virtual server. Simply check the Enable Forms Based Authentication box. You will be reminded that before this login page can be used you must enable SSL for that virtual server. Figure 21.6 Enabling formsbased authentication for OWA

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Discount Web Hosting services

Bookmark the permalink.

Comments are closed.