DOCUMENT:Q269868 13-MAY-2002 [iis] TITLE :How to Bypass the Authentication Prompt When You Use OWA PRODUCT :Internet Information Server PROD/VER::3.0,4.0,5.0,5.5 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Services version 5.0 - Microsoft Internet Information Server versions 3.0, 4.0 - Microsoft Outlook Web Access, version 5.5 ------------------------------------------------------------------------------- SUMMARY ======= By default, Outlook Web Access (OWA) forces an incoming client to log on to the site. In most cases, the IIS computer is configured to use Basic authentication with SSL. Because OWA forces the client to log on and the server requires Basic authentication, a dialog box appears to the client to enter his or her credentials when they attempt to access OWA from the Logon.asp page (http://servername/exchange/logon.asp). MORE INFORMATION ================ In instances where a site is required to present authentication at the root of the site (for example, http://servername), and then go to the Exchange directory after authentication, it may be necessary to avoid the force of authentication that OWA initiates. In these situations, when the user tries to log on to the page (Logon.asp), they are presented with another dialog box to gain authentication to the OWA mailbox even though they have already provided them previously. Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. This article assumes that you are familiar with the programming language being demonstrated and the tools used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific needs. If you have limited programming experience, you may want to contact a Microsoft Certified Partner or the Microsoft fee-based consulting line at (800) 936-5200. For more information about Microsoft Certified Partners, please visit the following Microsoft Web site: http://www.microsoft.com/partner/referral/ For more information about the support options that are available and about how to contact Microsoft, visit the following Microsoft Web site: http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS To work around this, you need to modify the following section of code, which is located in Logonfrm.asp: '======================= ' MainLogon ' Authenticates, and logs on user ' '======================= Sub MainLogon On Error Goto 0 urlIsNewWindow = Request.QueryString("isnewwindow") CheckSession ' Logoff if already logged on ClearSession SetSessionStuff bstrMailbox = Request.QueryString("mailbox")
If Session(CURRENT_MAILBOX) <> bstrMailbox Then Session(CURRENT_MAILBOX) = bstrMailbox Response.Buffer = TRUE Response.Status = ("401 Unauthorized") Response.end End If The section of this code that must be modified is the following "If...then" statement: If Session(CURRENT_MAILBOX) <> bstrMailbox Then Session(CURRENT_MAILBOX) = bstrMailbox Response.Buffer = TRUE 'Response.Status = ("401 Unauthorized") 'Response.end End If Both the 'Response.Status = ("401 Unauthorized")' and Response.end statements need to be remarked (') out. The "401 Unauthorized" error message that is being set is sent back to the client the first time regardless of whether the client has already logged on successfully to the Web site. This is the statement that actually forces the second authentication prompt. The last statement (Response.end) stops any further code execution from occurring. The OWA code will still properly assign the variables that are needed to bring up the appropriate mailbox without another authentication dialog box. Additional query words: owa authentication 401 force ====================================================================== Keywords : Technology : kbOutlookSearch kbiisSearch kbiis500 kbiis400 kbiis300 kbOWASearch kbOWA550 Version : :3.0,4.0,5.0,5.5 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.