DOCUMENT:Q269868  13-MAY-2002  [iis]
TITLE   :How to Bypass the Authentication Prompt When You Use OWA
PRODUCT :Internet Information Server
PROD/VER::3.0,4.0,5.0,5.5
OPER/SYS:
KEYWORDS:

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Internet Information Services version 5.0 
 - Microsoft Internet Information Server versions 3.0, 4.0 
 - Microsoft Outlook Web Access, version 5.5 
-------------------------------------------------------------------------------

SUMMARY
=======

By default, Outlook Web Access (OWA) forces an incoming client to log on to the
site. In most cases, the IIS computer is configured to use Basic authentication
with SSL. Because OWA forces the client to log on and the server requires Basic
authentication, a dialog box appears to the client to enter his or her
credentials when they attempt to access OWA from the Logon.asp page
(http://servername/exchange/logon.asp).

MORE INFORMATION
================

In instances where a site is required to present authentication at the root of
the site (for example, http://servername), and then go to the Exchange directory
after authentication, it may be necessary to avoid the force of authentication
that OWA initiates. In these situations, when the user tries to log on to the
page (Logon.asp), they are presented with another dialog box to gain
authentication to the OWA mailbox even though they have already provided them
previously.

Microsoft provides programming examples for illustration only, without warranty
either expressed or implied, including, but not limited to, the implied
warranties of merchantability and/or fitness for a particular purpose. This
article assumes that you are familiar with the programming language being
demonstrated and the tools used to create and debug procedures. Microsoft
support professionals can help explain the functionality of a particular
procedure, but they will not modify these examples to provide added
functionality or construct procedures to meet your specific needs. If you have
limited programming experience, you may want to contact a Microsoft Certified
Partner or the Microsoft fee-based consulting line at (800) 936-5200. For more
information about Microsoft Certified Partners, please visit the following
Microsoft Web site:

   http://www.microsoft.com/partner/referral/

For more information about the support options that are available and about how
to contact Microsoft, visit the following Microsoft Web site:

   http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

To work around this, you need to modify the following section of code, which is
located in Logonfrm.asp:

   '=======================
   ' MainLogon
   ' Authenticates, and logs on user
   '
   '=======================
    Sub MainLogon
    
    	On Error Goto 0
    
        urlIsNewWindow = Request.QueryString("isnewwindow")
    	CheckSession
    
        ' Logoff if already logged on
    	ClearSession
        SetSessionStuff
    
    	bstrMailbox = Request.QueryString("mailbox")
    <BR/>

    	If Session(CURRENT_MAILBOX) <> bstrMailbox Then
            Session(CURRENT_MAILBOX) = bstrMailbox
    		Response.Buffer = TRUE
    		Response.Status = ("401 Unauthorized")
    		Response.end
    	End If

The section of this code that must be modified is the following "If...then"
statement:

    	If Session(CURRENT_MAILBOX) <> bstrMailbox Then
            Session(CURRENT_MAILBOX) = bstrMailbox
    		Response.Buffer = TRUE
    		'Response.Status = ("401 Unauthorized")
    		'Response.end
    	End If

Both the 'Response.Status = ("401 Unauthorized")' and Response.end statements
need to be remarked (') out. The "401 Unauthorized" error message that is being
set is sent back to the client the first time regardless of whether the client
has already logged on successfully to the Web site. This is the statement that
actually forces the second authentication prompt. The last statement
(Response.end) stops any further code execution from occurring.

The OWA code will still properly assign the variables that are needed to bring up
the appropriate mailbox without another authentication dialog box.

Additional query words: owa authentication 401 force

======================================================================
Keywords          :  
Technology        : kbOutlookSearch kbiisSearch kbiis500 kbiis400 kbiis300 kbOWASearch kbOWA550
Version           : :3.0,4.0,5.0,5.5
Issue type        : kbhowto

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2002.