WebDAV and OWA Authentication Settings


With any login issue, it’s important to know which authentication protocols are valid.  You  have to code to an authentication protocol which can be used.


 


The authentication settings for OWA and WebDAV are tied together under Exchange 2000 and 2003.  Because of this, developers run into issues with WebDAV not being able to authenticate if FBA is enabled for OWA.  A developer could work around the issue so they  don’t have to code for FBA authentication.  However, it’s common for developers to use custom FBA authentication code.


 


When trying to log-into OWA 2000 or 2003:


If it shows an asp login page, then FBA is enabled.


If you get a grey dialog box, then Basic is enabled.


If you go right into your email account, then windows auth is used.


 


Exchange 2007 is different than 2000/2003 because the settings for the Exchange virtual folder and OWA folder are separate – they don’t mess with each other.  Because of this you can set individual settings for WebDAV and OWA – so having FBA on for OWA will not affect WebDAV.   Please note that under 2007 you won’t be able to tell what settings there are for WebDAV by using the OWA login test mentioned above – you’ll have to check the IIS and ESM settings. 


 


One thing to note that for using WebDAV under 2007 is that there is no practical reason to use FBA authentication.  Why???   That’s because FBA authentication is really for authenticating against the OWA Web Page – and that’s not needed since the OWA and WebDAV settings are not separate.  You should consider using use Basic Authentication or Windows Authentication instead.   If your worrying about security, use SSL.  SSL will help prevent sniffing of passwords with Basic Authentication same as it does for FBA authentication.


 


Places to check for 2003:


 


In ESM:


If FBA is turned on, then they won’t be able to use Windows auth or Basic auth.  The FBA setting in ESM will override the IIS Settings.  ESM is the recommended place to change the settings on Exchange virtual folders – so you should set them here instead.  The settings between ESM and IIS are synced, however I’ve seen cases where they are not synchronized – so I’d suggest that you set them in ESM, then verify that they are correct in IIS.


 


In IIS: 


The Directory Security settings on the “exchange” virtual folder should be set as needed.  If Anonymous is turned on for the Exchange virtual folder, then Basic and Windows won’t be used.    


 


Note:   With some virtual folder (perhaps “exadmin”), you might have to set the settings in IIS because they will be grayed-out. 


 


Please refer to the following:


 


How WebDAV - Use Basic Authentication with WebDAV even when FBA is enabled.


http://blogs.msdn.com/webdav_101/archive/2008/02/01/how-webdav-use-basic-authentication-with-webdav-even-when-fba-is-enabled.aspx


 


WebDAV FBA Authentication Sample Explained.


http://blogs.msdn.com/webdav_101/archive/2008/12/12/webdav-fba-authentication-sample-explained.aspx


 

Comments (2)

  1. Here is some basic information on how FBA authentication is done with WebDAV. To provide some insight

  2. jdcundle says:

    Hi Dan,

    Thank you very much for your sample code.  I was able to run the sample through Visual Studio and it worked perfectly, whether I entered the user id and password or not.  It created the email in the drafts folder and then emailed it off to the recipient.  

    However, when I uploaded the code to my live site, the sample worked perfectly when I supplied the user id and password, but when I do not supply the user id and password I received an exception, 401 unauthorized (unfortunately that is all the detail that I got).  From what I have read, it looks like the issue has something to do with "cross domains" security.  Do you have any suggestions as to what I should do to overcome this exception?

    Thanks,

    John D. Cundle

    jdcundle@cogeco.ca  

Skip to main content