8.8. Configuring Form-Based Authentication for OWA 2003
Problem
You want to enable form-based authentication (FBA) for your OWA 2003 servers.
Solution
Using a graphical user interface
Open the Exchange System Manager (Exchange System Manager.msc).
In the left pane, expand the appropriate Administrative Groups container and expand the Servers container.
Expand the target server and expand its Protocols container.
Expand the HTTP node, then right-click the Exchange Virtual Server object and choose Properties.
Switch to the Settings tab.
Click the Enable Forms Based Authentication checkbox.
Optionally, select a compression method from the Compression pulldown. (See the Discussion section for more on compression.)
Click OK.
ESM will display a warning dialog telling you that FBA requires SSL. Click OK.
Restart IIS by opening a command window and using the
iisresetcommand.
Discussion
The idea behind FBA is simple, but understanding it requires some background. If you've used the Exchange 5.5 version of OWA, you probably remember its logon form, which was embedded in an HTML page. The Exchange 2000 version of OWA did away with this logon page; instead, when you try to log on to Exchange, your browser would prompt for logon credentials. In Exchange Server 2003, you get to choose the approach you prefer—but which one is better? The difference between these two approaches is significant but subtle.
When a web browser gets an authentication request from a server, it has to ask the user for credentials. ...