Solved

Authentication with OWA login does not work correct redirect

Posted on 2007-03-23
5
860 Views
Last Modified: 2008-03-03
At my company we have an intranet website. Recently we enabled OWA with exchange so people have to logon onto the intranet website using the exchange form based login.

It is configured to go to a specific file after the login is done. The file is a webpage with a frame for a few webpages including the webmail.

When people login with a wrong password they still get the redirection to the index file of the intranet website. When they click on the webmail button they get an error saying that their credentials are wrong. I understand the last one, no rocket science.
But what I don't understand is that when somebody logs in with a wrong password that the user is forwarded to the index page of the intranet website. People should not get that page with incorrect credentials.

The url of the intranet site is this: https://intranet.esloo.nl/exchweb/bin/auth/owalogon.asp?url=https://intranet.esloo.nl/index2.php
Just click the "Aanmelden" you'll get into the intranet. Now click on "WEBMAIL" and the error appears as supposed to.

In my mind it can be solved in two ways:
1.  When people put in incorrect credentials they're returned to the login page with an error message stating their credentials are incorrect.
2. I check in the index page of the intranet website if they get a cookie or a session variable from the exchange server. If not the user is forwarded to the login page with an error like the one above.

I've been googling for a while now trying to find a solution for both ways but could not find anything.

Does anybody have an idea how to solve this problem.

Thanx in advance.
0
Comment
Question by:Sander Stad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18780607
I think this is happening because you are chaning the location that the user goes after login.  If you leave that as the default Exchange location that is what powers the error situations such as invalid passwords etc, and dumps the user back at the OWA login page with the error message in red text.  I would try to use the cookie idea.
0
 
LVL 9

Author Comment

by:Sander Stad
ID: 18791000
And that's where the problem starts, you can't really change the files of OWA. Only the layout.
I really don't know how to create and destroy a cookie in conjunction with OWA.

Do you have an example.
0
 
LVL 10

Accepted Solution

by:
MATTHEW_L earned 125 total points
ID: 18796619
I have seen it done.  I will try to dig up some resources.  What should happen is you should build your own logon page that authenticates against AD.  Once the user is authenticated they would get a cookie allowing them SSO (Single Sign On) into other web applications for a period of time, before their session / cookie times out.  That way when they click on their email link it would just pop them right into email without having to authenticate again, and in a way bypassing the OWA login.  Like I said I have seen this used, it worked well, I will try to dig up some resources.  I myself am not a programmer / web developer so....
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question