AD authentication OWA

Posted on 2012-09-05
Last Modified: 2012-09-20
Hi Experts,

I was just wondering about authentication to OWA at my company.

From the internet, when I browse to my company's Outlook web access URL, I get prompted for forms-based authentication. That is, within the webpage, I see a box for username and password. The OWA is being reverse proxied by the ISA server. ISA server is on the DMZ and the back-end exchange server is on the inside network.

When I input my AD credentials, is the ISA server passing it to the backend exchange server which passes it to AD servers to check?
Question by:trojan81
    LVL 13

    Assisted Solution

    Hello Trojan81

    What is happening in this case is that the credentials received by ISA Server are validates directly from the ISA server to AD, if these credentials are corrected them ISA Server pass these credentials to your exchange server

    Internally, the second step, and been transparent for the user, the credentials sent to exchange from ISA Server (And already validated by ISA Server with AD) are revalidated again in Exchange with the AD

    I am assuming in this example that you have your exchange servers configured with basic authentication and your ISA Server with form base authentication
    LVL 52

    Expert Comment

    When I input my AD credentials, is the ISA server passing it to the backend exchange server which passes it to AD servers to check? - Yes

    Authentication in ISA Server 2006

    What is the ISA and Exchange Versions.

    - Rancy

    Author Comment

    Hello guys. So is the authentication happening at the ISA or is the ISA passing it to exchange which does an LDAP check against configured AD servers?
    LVL 13

    Accepted Solution

    Both things are correct. ISA authenticates the OWA connection with the DCs and them pass the credentials to the OWA servers. The LDAP connection between ISA server and the DCs make exactly an authentication communication that includes the query for validating the user, validating the credentials and so on

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Easy CSR creation in Exchange 2007,2010 and 2013
    Outlook Free & Paid Tools
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now