Outlook Web Access 2003 Forms-based Authentication and the default domain dilemma – Part 2

The script I provided in Part 1 only let users enter a username; it did not support the domain\username form. Making that form optional removes the headache of users who are unaware of the change and therefore cannot log on. Both scripts shown in this article take care of that problem by inserting an extra line of code. In addition, script 1 (which I personally think is very elegant and well polished) also solves the login problem that users of the Firefox browser and similar browsers can experience (see Figure 1).


Figure 1: Forms-Based Authentication with Username in the Firefox browser

To see how to implement the scripts provided in this article, please refer to Outlook Web Access 2003 Forms-based Authentication and the default domain dilemma – Part 1.

Script 1 (by Andreas Warberg, Denmark)

<script type="text/javascript" language="javascript">
function logonForm_onsubmit() {
    var userName = logonForm.username.value;
    // A UPN (user@domain) already names its domain
    if (userName.indexOf("@") != -1)
        return true;
    // DOMAIN\username was typed in full
    else if (userName.indexOf("\\") != -1)
        return true;
    // Bare username: prepend the default domain
    else {
        logonForm.username.value = "YOUR_DOMAIN_NAME\\" + userName;
        return true;
    }
}
</script>

<form action="/exchweb/bin/auth/owaauth.dll" method="POST" id="logonForm" autocomplete="off" onsubmit="logonForm_onsubmit()">

Script 2 (by Eugene Brusilovsky, Russia):

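<script Language=javascript>
  <!--
    function logonForm_onsubmit()
    {
       // Already prefixed with the default domain
       if (logonForm.username.value.indexOf("NetBIOS domain here\\") != -1) { return true; }
       // A UPN (user@domain) already names its domain
       if (logonForm.username.value.indexOf("@") != -1)
       {
          return true;
       }
       // Bare username: prepend the default domain
       logonForm.username.value = "NetBIOS domain here\\" + logonForm.username.value;
       // The form calls this handler without "return", so this value is ignored and the form still submits
       return false;
    }
  //-->
</script>
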
<FORM action="/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off" onsubmit="logonForm_onsubmit()">
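
The two handlers above treat a typed domain prefix differently. The following added example (not part of the original article or either author's script) models each as a DOM-free function and lists the inputs on which they would submit different values; EXAMPLE, the sample usernames and the function names are constructed for illustration.

```javascript
// Added example: DOM-free models of the two onsubmit handlers above.
// DOMAIN is a constructed placeholder for the NetBIOS domain name.
const DOMAIN = "EXAMPLE";

// Script 1: leave UPNs (user@domain) and any DOMAIN\user value untouched.
function script1(userName) {
  if (userName.indexOf("@") !== -1) return userName;
  if (userName.indexOf("\\") !== -1) return userName;
  return DOMAIN + "\\" + userName;
}

// Script 2: leave UPNs untouched, but only recognise the exact
// default-domain prefix (indexOf is case-sensitive).
function script2(userName) {
  if (userName.indexOf(DOMAIN + "\\") !== -1) return userName;
  if (userName.indexOf("@") !== -1) return userName;
  return DOMAIN + "\\" + userName;
}

// Constructed sample inputs covering the forms a user might type.
const samples = [
  "alice",              // bare username
  "alice@example.com",  // UPN
  "EXAMPLE\\alice",     // default domain, exact case
  "example\\alice",     // default domain, lower case
  "OTHER\\alice",       // a different domain
];

// Return the inputs for which the two handlers submit different values.
function divergences(inputs) {
  return inputs
    .map((input) => ({ input, s1: script1(input), s2: script2(input) }))
    .filter((row) => row.s1 !== row.s2);
}

for (const row of divergences(samples)) {
  console.log(`${row.input} -> script 1: ${row.s1} | script 2: ${row.s2}`);
}
```

If users may type the domain in a different case, or belong to more than one domain, test the chosen script against those inputs before deploying it.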

Considerations When Applying Exchange Service Packs and HotFixes

Applying an Exchange 2003 Service Pack typically overwrites the Logon.asp file, meaning you will lose any modification made to it, so you should always remember to take a backup of the file before doing so. The same goes for some of the HotFixes released, but the respective MS KB article normally warns you about which Exchange files are being replaced.

Warning
Be aware that applying the HotFix included in MS KB article 883543, “The S/MIME control does not load in OWA when you are running the Exchange Server 2003 OWA client on a Windows XP Service Pack 2-based computer”, changes the Logon.asp file in such a way that the script in the first article and the two scripts in this one won’t work anymore, meaning users won’t be able to log on. I will update this article when I know more about this specific issue.

Considerations when using ISA Server 2004

If you have already implemented or are planning to implement ISA Server 2004 in your environment, you should bear in mind that ISA Server 2004 can create its own Forms-based Authentication logon form to pre-authenticate your OWA users (preventing unauthorized connections from reaching your OWA Server); see Figure 2 below:


Figure 2: ISA Server 2004 Forms-Based Authentication Option 

If you want to make use of this feature, you should NOT enable the Forms-based authentication feature on your OWA front-end or back-end Server. As you might have guessed, this means you would need to implement the above scripts in the logon form on the ISA 2004 Server and NOT on the OWA Server itself.

I haven’t tested this scenario and so you make these changes at your own risk!

You can read more about the new ISA Server 2004 logon form in the article below by Tom Shinder:

Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version 1.1
