Exchange OWA without Forms Authentication

In many organizations, Outlook Web Access is used to enable employees to view their e-mail and calendar online. In most cases, this access uses Forms Authentication to display a neat Outlook login form in which users enter their account name and password to gain access to the web access environment.

SharePoint is able to use this ‘access point’ to display information like e-mail, appointments, etc. on a (my)site. But now the catch… those Outlook Web Parts don’t work with forms authentication enabled. So what we need is a second access point to enable SharePoint to pass on the users’ credentials via Integrated Authentication.

To achieve this, log into your Exchange server and open the Exchange System Manager. Navigate to Administrative Groups and expand your organization’s domain. Now choose Servers and locate the appropriate Exchange Server. Navigate to Protocols and choose ‘HTTP’. You’ll probably see one server called ‘Exchange Virtual Server’; this is the default server, which serves the forms authentication enabled web access.

To create a new server, right-click the HTTP folder and click New -> Virtual Server. The properties screen will pop up asking you to specify a name; pick one. Click ‘Advanced’ to set the new port, and remove the old one. Choose a port number which you know is unused and perhaps one that’s easy to remember, like 8090. Make sure you remove 80; you won’t be able to save the server settings if it’s still there (since it’s not possible to run two different virtual servers on the same port).

After setting the correct port, save the server’s settings. You can configure access/authentication on the “Access” tab if you like, but default settings will do in most cases (you might want to disable write access).

The final step is to add a Virtual Directory to the new Virtual Server. This will point to the correct folders containing the actual web access files. To do this, simply right-click the new virtual server and click New -> Virtual Directory. The properties window will again pop up asking for a name; type ‘Exchange’ (this is the default name for such a directory). You can leave the Exchange Path setting at its default (‘Mailboxes for SMTP domain’) and close the window.

That’s all! If all is well, your new virtual server is automatically started. You can check that by refreshing the view and right-clicking the new virtual server. To force all changes you could stop and start it, but that shouldn’t be necessary. To test it, simply open a new Internet Explorer window and type ‘http://localhost:8090’ in the address bar; the mailbox of the account you used to log in should be displayed.
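The browser test above shows that the mailbox loads, but not which authentication schemes the new port offers. The following check is an added example, not part of the original post: it classifies the server's answer to an unauthenticated request, confirming an Integrated Authentication challenge (Negotiate or NTLM) and flagging Basic offered over plain HTTP. The `/exchange` path, the finding labels and the sample responses are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

INTEGRATED = {"negotiate", "ntlm"}  # schemes IIS uses for Integrated Authentication

def auth_schemes(headers):
    """Scheme names (lower-cased) from every WWW-Authenticate header."""
    schemes = []
    for name, value in headers:
        # IIS sends one WWW-Authenticate header per scheme; the scheme is the first token.
        if name.lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes

def assess(url, status, headers):
    """Classify the server's answer to an unauthenticated request."""
    if status != 401:
        # A redirect or a 200 page means a login form or anonymous access, not a challenge.
        return ["no-challenge"]
    schemes = auth_schemes(headers)
    findings = ["integrated-offered" if INTEGRATED & set(schemes) else "no-integrated"]
    if "basic" in schemes and urlsplit(url).scheme == "http":
        # Basic only base64-encodes the password, so on plain HTTP it is readable on the wire.
        findings.append("basic-over-cleartext")
    return findings

def probe(url):
    """Send one unauthenticated GET to a live server and assess the reply."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=5)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return assess(url, resp.status, resp.getheaders())
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "integrated": (401, [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]),
    "basic_too": (401, [("WWW-Authenticate", "NTLM"), ("WWW-Authenticate", 'Basic realm="servername"')]),
    "forms": (302, [("Location", "/login-form-placeholder")]),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, assess("http://servername:8090/exchange", status, headers))
```

Against a live server, call `probe("http://servername:8090/exchange")` from a workstation; a `basic-over-cleartext` finding means Basic should be unchecked on the “Access” tab or the port moved to SSL.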

Now for SharePoint; using the Outlook Web Access web parts becomes very easy. Add a web part to a page, open the web part settings and specify the correct server (http://servername:8090) and mailbox. If all is well: the correct mailbox (or calendar, or contacts, or tasklist ;)) should be displayed!
