Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-08-16
This topic describes how to configure Windows Digest authentication for Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007. Digest authentication transmits passwords over the network as a hash value for additional security. Digest authentication is not fully secure if the user is unable to close the browser and end the browser process between sessions. This problem may occur if the user is using Outlook Web Access on a kiosk. If the browser cannot be closed, the user's credentials remain in the cache where the next user may be able to access them.
Note: |
---|
Digest authentication can be set only on Exchange 2007 virtual directories. |
Before You Begin
To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
The exact steps that you perform when you complete this procedure by using the Exchange Management Console depend on the following:
- Whether you are running the original release (RTM) version of
Exchange 2007 or Exchange 2007 SP1.
- Whether you are running the Mailbox server role on the computer
that is running the Client Access server role.
For detailed information about these differences, see Managing Outlook Web Access Virtual Directories in Exchange 2007.
Procedure
Exchange 2007 SP1
To use the Exchange Management Console to configure Digest authentication for Outlook Web Access
-
In the Exchange Management Console, locate the virtual directory that you want to configure to use Digest authentication by using the information in step 2 or step 3.
-
If you are running the Mailbox server role on the computer that is running the Client Access server role, do one of the following:
- To modify an Exchange 2007 virtual directory, select
Server Configuration, select Client Access, and then
click the Outlook Web Access tab. The default
Exchange 2007 virtual directory is /owa.
- To modify a legacy virtual directory, select Server
Configuration, select Mailbox, and then click the
WebDAV tab. The default legacy virtual directories as
follows: /Public, /Exchweb, /Exchange, and /Exadmin.
- To modify an Exchange 2007 virtual directory, select
Server Configuration, select Client Access, and then
click the Outlook Web Access tab. The default
Exchange 2007 virtual directory is /owa.
-
If you are not running the Mailbox server role on the computer that is running the Client Access server role, select Server Configuration, select Client Access, and then click the Outlook Web Access tab.
-
In the work pane, select the virtual directory that you want to configure to use Digest authentication, and then click Properties.
-
Click the Authentication tab.
-
Select Use one or more standard authentication methods.
-
Select Digest authentication.
-
Click OK.
To use the Exchange Management Shell to configure Digest authentication for Outlook Web Access
-
To configure Digest authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:
Copy Code Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -DigestAuthentication <$true|$false>
For more information about syntax and parameters, see Set-OwaVirtualDirectory.
Exchange 2007 RTM
To use the Exchange Management Console to configure Digest authentication for Outlook Web Access
-
Open the Exchange Management Console.
-
Locate Server Configuration\Client Access.
-
On the Outlook Web Access tab, open the properties of the virtual directory that you want to configure to use Digest authentication.
-
Click the Authentication tab.
-
Select Use one or more standard authentication methods.
-
Select Digest authentication.
-
Click OK.
To use the Exchange Management Shell to configure Digest authentication for Outlook Web Access
-
To configure Digest authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:
Copy Code Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -DigestAuthentication <$true|$false>
For more information about syntax and parameters, see Set-OwaVirtualDirectory (RTM).
For More Information
For more information about the authentication methods that you can use for Outlook Web Access, see the following topics:
- Configuring
Standard Authentication Methods for Outlook Web Access
- Configuring
Forms-Based Authentication for Outlook Web Access
For more information about how to help make communication between client computers and the Client Access server more secure, see Managing Client Access Security.