Exchange 2013 CAS server with two auth methods

Is it possible to have a single CAS server service requests from the internet with Forms Based Authentication, and internal clients with Windows Authentication, using two Websites?

I've tried to set this up, but find that either one works (the FBA) and the other, though set to Windows Auth, presents a Login Form but never authenticates (tells me the password is incorrect).

OR

Windows Authentication works on one Website, whilst FBA on the other presents but never authenticates.

Otherwise it seems like you have to have an extra set of servers just to serve the inter

July 2nd, 2013 11:43am

The solution for this that I usually implemented was to deploy TMG in front of Exchange and enable FBA on TMG, while Windows and Basic Authentication are enabled on CAS. By using that approach, your external users will have FBA because they will be going through TMG (which delegates credentials via basic+ssl or ntlm to CAS) and internal users will go directly to CAS and will be authenticated by Windows Auth.

Since TMG is end-of-life, you can also use UAG for this. I didn't try to set up two web sites on CAS on version 2013. I tried it once on 2010 and it worked.

July 2nd, 2013 6:08pm

Hi,

Yes, you can build two websites. One for External OWA and the other for Internal OWA.

Thanks,

If you have feedback for TechNet Subscriber Support, contact tnsfl@microsoft.com

July 3rd, 2013 3:00am

Thank you. We have had to rethink our strategy with regards to TMG/UAG and we are dumping these products because they are not forward thinking.

Unfortunately, I have tried setting up a separate web site, and despite this, as noted, either one or the other website failed to work as configured. If one started working, the other failed. Is there any guidance on how to do this?

July 3rd, 2013 5:15am

Hi,

We can set up multiple OWA virtual directories on one CAS server. However, there are a lot of limitations. Please check the following article:

http://msexchangeteam.com/archive/2008/01/07/447828.aspx

Based on my research, to create an additional OWA virtual directory, we may follow the steps below:

=================================

There can be at most one OWA virtual directory per website; therefore, we must create a new web site first. Considering the new web site will be published for different usage, it is best to bind a new IP address to this web site.

Here we can use 8080 as the port and use * as the IP address. It is necessary for you to use a separate NIC with a new IP address different from that of Default Web Site.

New-OWAVirtualDirectory -OwaVersion:Exchange2007 -Name "OWA" -WebSiteName "new website name"

Set-OWAVirtualDirectory -Identity "yourservername\owa (new website name)" -BasicAuthentication $true

Then we can use http://yourservername:8080/owa to access this newly created OWA vdir.

Thanks,

If you have feedback for TechNet Subscriber Support, contact tnsfl@microsoft.com

July 4th, 2013 10:07pm
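
Added example, not part of any post in this thread: once the second web site and its OWA virtual directory exist as in the steps above, this sets the authentication methods on each virtual directory separately and reads them back to confirm the split. The server and site names are the placeholders from the post; which site serves internal and which serves internet clients is an assumption.

```powershell
# Added example. Run in the Exchange Management Shell on the CAS server.
# 'yourservername' and 'new website name' are the placeholders from the post.
$server = 'yourservername'

# Assumed split: Default Web Site serves internal clients (Windows auth),
# the new site serves internet clients (forms). Basic stays on with forms,
# as in the Exchange default. Forms and Basic both send the password itself,
# so the internet-facing site needs an HTTPS binding.
$expected = @{
    "$server\owa (Default Web Site)" = @{ Forms = $false; Windows = $true;  Basic = $false }
    "$server\owa (new website name)" = @{ Forms = $true;  Windows = $false; Basic = $true  }
}

# Set every method explicitly on each virtual directory, so neither one
# keeps a leftover setting from an earlier attempt.
foreach ($id in $expected.Keys) {
    $want = $expected[$id]
    Set-OwaVirtualDirectory -Identity $id `
        -FormsAuthentication   $want.Forms `
        -WindowsAuthentication $want.Windows `
        -BasicAuthentication   $want.Basic
}

# Read the settings back and compare them with the intent.
$report = foreach ($vdir in Get-OwaVirtualDirectory -Server $server) {
    $want = $expected[[string]$vdir.Identity]
    if ($null -eq $want) { continue }   # not one of the two directories of interest
    [pscustomobject]@{
        Identity = [string]$vdir.Identity
        Forms    = $vdir.FormsAuthentication
        Windows  = $vdir.WindowsAuthentication
        Basic    = $vdir.BasicAuthentication
        Matches  = ($vdir.FormsAuthentication   -eq $want.Forms)   -and
                   ($vdir.WindowsAuthentication -eq $want.Windows) -and
                   ($vdir.BasicAuthentication   -eq $want.Basic)
    }
}
$report | Format-Table -AutoSize

# Authentication changes take effect after IIS restarts.
if (@($report | Where-Object { -not $_.Matches }).Count -eq 0) { iisreset /noforce }
else { Write-Warning 'OWA virtual directory settings differ from the intended split.' }
```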
