Exchange OWA using Windows authentication
I have a Exchange 2010 which has OWA virtual directory security configured to use Windows authentication method.
It works fine except one thing: it seems the session remembers the credentical somewhere.
I have two account on Exchange server. I access OWA at the first time and I did get a prompt window asking for user name and password. I enter the credential of my first account. I have no problem to get in and can check emails. Then I click "sign off" link
to quite the session and close the IE after.
Then I open a new IE window to access OWA web site again trying to check email for the second account. But I didn't get a prompt window as expected but instead I got into my first mailbox.
I close the IE and clear everything including history, form data, password and etc. in IE option. Then I open a new window to access OWA site. The same result, I got into the first account mailbox directly. It the credentical is remembered on the Exchange
server.
What do I miss? I want to be able to quite from the first mailbox and be able to check email in the second mailbox.
October 25th, 2010 2:47pm
Hi,
If you want to be prompted each time you should set it for form-based authentication instead. Windows Authentication is used to login automatically so you won't be asked for username and password.
/MartinExchange is a passion not just a collaboration software.
Free Windows Admin Tool Kit Click here and download it now
October 25th, 2010 9:49pm
Is it by design?
Because in Exchange 2003, it does prompt for user name and password if you log off from the owa.
Remember the user name and password is not a good design for security sake.
October 26th, 2010 11:53am
It is by design since you are choosing to used the username and password of the user that is logged onto the computer. If this is not the case I must have misread some of your post.
But setting it to form-based will solve that issue for you.
/MartinExchange is a passion not just a collaboration software.
Free Windows Admin Tool Kit Click here and download it now
October 26th, 2010 11:57am
Hi,
Just as Martin said, Integrated Windows authentication enables the server to authenticate users who are signed in to the network without prompting them for their
user name and password and without transmitting information that isn't encrypted over the network. Here is an related article for you:
Configure Integrated Windows Authentication
http://technet.microsoft.com/en-us/library/aa998638.aspx
You can follow Martin’s suggestion, enable form-based authentication to resolve the issue for you. Here is a document about how to Configuring Forms-Based Authentication
for Outlook Web App:
Configuring Forms-Based Authentication for Outlook Web App
http://technet.microsoft.com/en-us/library/bb123719.aspx
If anything is unclear, please feel free to let me know and I will be glad to help.
Best Regards,
Evan
October 27th, 2010 9:12pm
Hi,
Now I know your problem more clear. You problem is when you use OWA on Windows 7, the Windows authentication doesn’t work, right?
For this issue, as it can works on Windows 2003, Windows Server 2008 and R2, this may not the problem on your Exchange Server.
I suggest you check whether you have enable “ Integrated Windows Authentication” on your IE. You can enable it by this way:
Internet Options->Advanced->Security-> “enable Integrated Windows Authentication”
If the problem still persists, please use the following links which would be the most relevant forum for your question:
http://social.technet.microsoft.com/Forums/en/category/w7itpro
If you have any other Exchange problems, please ask in a new post.
Thanks,
Evan
Free Windows Admin Tool Kit Click here and download it now
October 28th, 2010 4:07am
Hi,
Just as Martin said, Integrated Windows authentication enables the server to authenticate users who are signed in to the network without prompting them for their
user name and password and without transmitting information that isn't encrypted over the network. Here is an related article for you:
Configure Integrated Windows Authentication
http://technet.microsoft.com/en-us/library/aa998638.aspx
You can follow Martin’s suggestion, enable form-based authentication to resolve the issue for you. Here is a document about how to Configuring Forms-Based Authentication
for Outlook Web App:
Configuring Forms-Based Authentication for Outlook Web App
http://technet.microsoft.com/en-us/library/bb123719.aspx
If anything is unclear, please feel free to let me know and I will be glad to help.
Best Regards,
Evan
October 28th, 2010 4:07am
Thanks for replying. Let me explain it a little more.
First of I can't use form-based authentication. The reason email application in some of old version smartphone in our company doesn't support it. Once form-based authentication is used, it won't work. So I have to use windows integrated authentication.
Second, the integrated windows authentication, as my understanding, will pass my current login credential to the web site. If it passed, I will get in, otherwise I should get a pop up asking for user name and password. Now I am using home computer to access
OWA, so my windows logon session is not internal domain but my local home computer. This is why I get the prompt window at the first time. But problem is even I click "log off" in OWA, next time when I access
https://mail.server.com/exchange, I get into the mailbox directly without being asked for the password. The credential seems saved somewhere. This is not a tranditional windows integrated login to me.
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2010 11:40am
Update. It seems this issue is client related. I tested on few different OS, on Windows 2003, Windows Server 2008 x86, x64 and R2, they are all working as my expectation: once click "sign out" and then access the OWA again, a prompt window showing up asking
for user name and password.
However, on Windows 7 Enterprise x64, the login prompt window only shows up at the first time. After that, the credential seems stored somewhere and even click "sign out" button to close the IE window, I can still go into my mailbox without enter login information.
So this seems to be a windows 7 issue not exchange.
October 29th, 2010 11:47am
Ah now I understand it better.
Have a look at this article:
http://www.addictivetips.com/windows-tips/use-credential-manager-to-store-username-and-password-in-windows-7/
Windows 7 can save the passwords that you use, have a look and see if your first credentials are saved there.
/MartinExchange is a passion not just a collaboration software.
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2010 12:26pm
Hi,
Now I know your problem more clear. You problem is when you use OWA on Windows 7, the Windows authentication doesn’t work, right?
For this issue, as it can works on Windows
2003, Windows Server 2008 and R2, this may not the problem on your Exchange Server.
I suggest you check whether you have enable “ Integrated Windows Authentication” on your IE. You can enable it by this way:
Internet Options->Advanced->Security-> “enable Integrated Windows Authentication”
If the problem still persists, please use the following links which would be the most relevant forum for your question:
http://social.technet.microsoft.com/Forums/en/category/w7itpro
If you have any other Exchange problems, please ask in a new post.
Thanks,
Evan
October 31st, 2010 11:19pm