Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for On-Demand Webinar

On-Demand Webinar

Combating Cyberattacks in 2022: Prepare to Defend Your Active Directory
Icon for Upcoming Conference

Upcoming Conference

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference
Icon for Ebook

Ebook

The Forrester New Wave™: SaaS Application Data Protection, Q4 2021

Home

Exchange Server

Using Forms-Based Authentication without SSL

Daniel Petri

 |

Jan 8, 2009

How to use forms-based authentication in Exchange 2003 without the need to use SSL?

advertisment

Forms-based authentication (or FBA for short) is a mechanism in Exchange 2003 Outlook Web Access that allows the user to have a more customizable experience of the OWA logon page and usage.

By default, FBA requires that Secure Sockets Layer (SSL – i.e. HTTPS) be configured on your server running IIS. For debugging and testing purposes, Outlook Web Access offers a way to enable FBA through normal HTTP.

Follow the steps outlined in the Configuring Forms-Based Authentication in OWA and Exchange 2003 article on general instructions on how to configure FBA.

advertisment

To configure forms-based authentication to work without SSL for your development environment:

  1. Open Registry Editor.

  2. Go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb

advertisment

  1. If it does not exist, manually add an OWA subkey to this key.

  2. Under the OWA subkey, add a DWord value named AllowRetailHTTPAuth and give it a value of 1.

  3. Quit Registry Editor.

To test your configuration, open your web browser and navigate to http://server/exchange. Notice that you ARE able to make the connection, although FBA is in use.

Note: I do not recommend using this configuration on a production server because of the security issues involved.

Related articles

You may find these related articles of interest to you:

Links

Customizing the Outlook Web Access Logon Page

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Exchange Server

M365 Changelog: Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail to be retired

May 24, 2022 | Petri Staff

M365 Changelog: (Updated) Microsoft Defender for Office 365: Updates to URL Protection Report

May 24, 2022 | Petri Staff

M365 Changelog: Safe Links Global Settings Migrated to Custom Policies

May 20, 2022 | Petri Staff

Windows Logo

Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages

May 11, 2022 | Rabia Noureen

M365 Changelog: Exchange Transport Rule Report moving to the new Exchange Admin Center (EAC) from the Security and Compliance Center

Apr 22, 2022 | Petri Staff

Datacenter networking servers

Hive Ransomware Group Attacks Vulnerable Microsoft Exchange Servers

Apr 22, 2022 | Rabia Noureen

Most popular on petri

X

Log in to save content to your profile.

Login

Sign Up

Username/Email

Password

Forgot Password?

Login

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy