When you do an anonymous POST to the “exchange” virtual folder, you will get back a response which will tell you about which authentication protocols are supported. Each “WWW-Authenticate:” header in the response tells you which type of authentication method is supported. If you get back a 440 Login Timeout with no “WWW-Authenticate:” headers and you do get back “Set-Cookie: “ headers then FBA is likely on. If you get back a 401 Unauthorized and “WWW-Authenticate:” headers, then FBA is off. If you get back a 500 error, then there is probably no authentication enabled (ie just Anonymous authentication is on). FBA Authentication is an override to other authentication methods. Checking the “WWW-Authenticate:” using this method can be used for checking authentication when any other Web API is used - such as EWS and EAS (Exchange Server ActiveSync).
If you do an Anonymous OPTIONS POST such as the following:
OPTIONS https://127.0.0.1/exchange HTTP/1.1
With FBA Enabled you will get back this:
HTTP/1.1 440 Login Timeout
Set-Cookie: sessionid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: cadata=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 20 Sep 2011 23:15:08 GMT
<HTML><BODY>440 Login Timeout</BODY></HTML>
With FBA not enabled you will get back this:
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=utf-8
WWW-Authenticate: Basic realm="127.0.0.1"
Date: Tue, 20 Sep 2011 23:20:15 GMT
Here are some tools which you might find helpful for doing a POST:
HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
Note that Fiddler is not a Microsoft prodcut, so we cannot endorse it. However, it is used here at MS quite a bit in Support. This tool can both capture traces and issue/re-issue POST. The RAW tabs are useful for seeing the actual requests and responses.