Exchange Server

Using Forms-Based Authentication without SSL

How to use forms-based authentication in Exchange 2003 without the need to use SSL?

Forms-based authentication (or FBA for short) is a mechanism in Exchange 2003 Outlook Web Access that allows the user to have a more customizable experience of the OWA logon page and usage.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

By default, FBA requires that Secure Sockets Layer (SSL – i.e. HTTPS) be configured on your server running IIS. For debugging and testing purposes, Outlook Web Access offers a way to enable FBA through normal HTTP.

Follow the steps outlined in the Configuring Forms-Based Authentication in OWA and Exchange 2003 article on general instructions on how to configure FBA.

To configure forms-based authentication to work without SSL for your development environment:

  1. Open Registry Editor.

  2. Go to the following registry key:

  1. If it does not exist, manually add an OWA subkey to this key.

  2. Under the OWA subkey, add a DWord value named AllowRetailHTTPAuth and give it a value of 1.

  3. Quit Registry Editor.

To test your configuration, open your web browser and navigate to http://server/exchange. Notice that you ARE able to make the connection, although FBA is in use.

Note: I do not recommend using this configuration on a production server because of the security issues involved.

Related articles

You may find these related articles of interest to you:


Customizing the Outlook Web Access Logon Page

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: