Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

Microsoft Teams Day is back!

Register today!
Icon for Live Conference on December 8!

Live Conference on December 8!

GET-IT Microsoft Teams Conference

Icon for Live Webinar on Nov. 29th!

Live Webinar on Nov. 29th!

MVP Panel Talk: Do You Need to Backup Microsoft 36...

Icon for Live Webinar Coming Dec. 14th!

Live Webinar Coming Dec. 14th!

Recession Proof Your IT: How to Reduce IT Costs Wi...

Icon for New E-Book

New E-Book

Tracking Tasks in Microsoft 365

Home

Exchange Server

Using Forms-Based Authentication without SSL

Daniel Petri

 |

Jan 8, 2009

How to use forms-based authentication in Exchange 2003 without the need to use SSL?

Forms-based authentication (or FBA for short) is a mechanism in Exchange 2003 Outlook Web Access that allows the user to have a more customizable experience of the OWA logon page and usage.

By default, FBA requires that Secure Sockets Layer (SSL – i.e. HTTPS) be configured on your server running IIS. For debugging and testing purposes, Outlook Web Access offers a way to enable FBA through normal HTTP.

Follow the steps outlined in the Configuring Forms-Based Authentication in OWA and Exchange 2003 article on general instructions on how to configure FBA.

To configure forms-based authentication to work without SSL for your development environment:

  1. Open Registry Editor.

  2. Go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb

  1. If it does not exist, manually add an OWA subkey to this key.

  2. Under the OWA subkey, add a DWord value named AllowRetailHTTPAuth and give it a value of 1.

  3. Quit Registry Editor.

To test your configuration, open your web browser and navigate to http://server/exchange. Notice that you ARE able to make the connection, although FBA is in use.

Note: I do not recommend using this configuration on a production server because of the security issues involved.

Related articles

You may find these related articles of interest to you:

Links

Customizing the Outlook Web Access Logon Page

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Exchange Server

Datacenter networking servers

Microsoft Warns About New Zero-Day Vulnerabilities in Exchange Server

Sep 30, 2022 | Rabia Noureen

Security

Microsoft Exchange Servers Hit By Stealthy IIS Backdoors

Jul 27, 2022 | Rabia Noureen

Security

Kaspersky Discloses New 'SessionManager' Backdoor Targetting Microsoft Exchange Servers

Jul 1, 2022 | Rabia Noureen

M365 Changelog: (Updated) Safe Links Global Settings Migrated to Custom Policies

Jun 28, 2022 | Petri Staff

Datacenter networking servers

Microsoft Postpones the Release of Next Version of Exchange Server Until 2025

Jun 3, 2022 | Rabia Noureen

M365 Changelog: Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail to be retired

May 24, 2022 | Petri Staff

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy