Exchange Server 2003 Outlook Web Access (OWA) supports forms-based authentication technology. Also known as cookie authentication, this feature circumvents the risks associated with the common human frailty of either forgetting to log off or not logging off correctly and the inherent problems with browsers caching user credentials. Because improper logoffs and cached user credentials can leave your systems vulnerable to unauthorized users, many companies have been reluctant to enable OWA. With the instructions I provide here, you can enable forms-based authentication for your OWA deployment and reduce the security risks associated with such a deployment.
The Problem
OWA is a Web-based application that uses HTTP to let client browsers communicate with Exchange. OWA encapsulates requests and responses in HTTP messages, which, in their simplest form, consist of three parts: the type of request or response, host headers that qualify the request or response, and the message body. The browser takes appropriate action—displaying the body of the message, redirecting to a different URL, or challenging the user for credentials before resending the request—according to the response the browser receives from the server. . . .
Microsoft recommends to delete cookies from the browser, 'usually' by closing the browser. However that doesn't work.
You must delete the cookies, and 2 copies of Index.dat
After deleting cookies navigate to:
C:\Documents and
Settings\%username%\Cookies\Index.dat
And,
C:\Documents and Settings\%username%\Userdata\Index.dat
Make sure all instances of Internet explorer are closed.
and delete both index.dat files. These are recreated the next time the browser is opened.
So, for a user named 'me', it would be:
C:\Documents and Settings\ME\Cookies\Index.dat
And,
C:\Documents and Settings\ME\Userdata\Index.dat
If this process gives any errors, then make sure that all instances of the 'iexplore.exe' process are closed.
Task Manager > Processes 'Tab'
redwraith94 February 24, 2007 (Article Rating: