Authentication with OWA login does not work correct redirect

At my company we have an intranet website. Recently we enabled OWA with exchange so people have to logon onto the intranet website using the exchange form based login.

It is configured to go to a specific file after the login is done. The file is a webpage with a frame for a few webpages including the webmail.

When people login with a wrong password they still get the redirection to the index file of the intranet website. When they click on the webmail button they get an error saying that their credentials are wrong. I understand the last one, no rocket science.
But what I don't understand is that when somebody logs in with a wrong password that the user is forwarded to the index page of the intranet website. People should not get that page with incorrect credentials.

The url of the intranet site is this: https://intranet.esloo.nl/exchweb/bin/auth/owalogon.asp?url=https://intranet.esloo.nl/index2.php
Just click the "Aanmelden" you'll get into the intranet. Now click on "WEBMAIL" and the error appears as supposed to.

In my mind it can be solved in two ways:
1.  When people put in incorrect credentials they're returned to the login page with an error message stating their credentials are incorrect.
2. I check in the index page of the intranet website if they get a cookie or a session variable from the exchange server. If not the user is forwarded to the login page with an error like the one above.

I've been googling for a while now trying to find a solution for both ways but could not find anything.

Does anybody have an idea how to solve this problem.

Thanx in advance.
LVL 9
Sander StadSysteemontwikkelaar, Database AdministratorAsked:
Who is Participating?
 
MATTHEW_LCommented:
I have seen it done.  I will try to dig up some resources.  What should happen is you should build your own logon page that authenticates against AD.  Once the user is authenticated they would get a cookie allowing them SSO (Single Sign On) into other web applications for a period of time, before their session / cookie times out.  That way when they click on their email link it would just pop them right into email without having to authenticate again, and in a way bypassing the OWA login.  Like I said I have seen this used, it worked well, I will try to dig up some resources.  I myself am not a programmer / web developer so....
0
 
MATTHEW_LCommented:
I think this is happening because you are chaning the location that the user goes after login.  If you leave that as the default Exchange location that is what powers the error situations such as invalid passwords etc, and dumps the user back at the OWA login page with the error message in red text.  I would try to use the cookie idea.
0
 
Sander StadSysteemontwikkelaar, Database AdministratorAuthor Commented:
And that's where the problem starts, you can't really change the files of OWA. Only the layout.
I really don't know how to create and destroy a cookie in conjunction with OWA.

Do you have an example.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.