Configure Forms-Based Authentication for Outlook Web App
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
You can configure forms-based authentication and the sign-in prompt that's used by forms-based authentication on an Outlook Web App virtual directory on a Client Access server.
Forms-based authentication gives you three options for the default sign-in format. These options change only the text on the Outlook Web App sign-in page. They don't cause a particular format to be required. The user can use any of the standard sign-in formats regardless of the text on the page.
FullDomain This is the domain and user name of the user in the format domain\user name. For example, for a user named Kweku in the domain Contoso, the sign-in would be contoso\kweku.
PrincipalName If user principal name (UPN) sign-in format is specified, the User Name field on the Outlook Web App sign-in page guides the user to enter their e-mail address. For example, kweku@contoso.com. Users can access Outlook Web App by entering their primary e-mail address or by entering their UPN.
UserName This is the user name only and doesn't include the domain name. For example, Kweku. If you use the UserName sign-in prompt for forms-based authentication, you must also specify the DefaultDomain property. The DefaultDomain property determines the default domain to use when a user tries to access Outlook Web App. For example, if the default domain is Contoso, and a domain user named Kweku signs in to Outlook Web App, only Kweku must be entered as the user name. The server will use the default domain Contoso. If the user isn't a member of the Contoso domain, the domain and user name must be entered.
Looking for other management tasks related to forms-based authentication? Check out Setting Up Forms-Based Authentication for Outlook Web App.
Use the EMC to configure forms-based authentication for Outlook Web App
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
In the console tree, select Server Configuration, select Client Access, select the server that hosts the Outlook Web App virtual directory, and then click the Outlook Web App tab.
In the work pane, select the virtual directory that you want to configure to use forms-based authentication, and then click Properties.
Click the Authentication tab.
Select Use forms-based authentication.
Select the sign-in format that you want to use.
Note
You must restart Internet Information Services (IIS) by using the command
iisreset/noforce
for these changes to take effect.
Use the Shell to configure forms-based authentication for Outlook Web App
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
This example configures forms-based authentication on an Outlook Web App virtual directory in the default IIS Web site on the local Exchange server.
Set-owavirtualdirectory -identity "owa (default web site)" -FormsAuthentication:$true
Use the Shell to configure the default sign-in method used by forms-based authentication
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
This example configures a full domain sign-in format,
Set-owavirtualdirectory -identity "owa (default web site)" -LogonFormat FullDomain
This example configures a UPN sign-in format.
Set-owavirtualdirectory -identity "owa (default web site)" -LogonFormat PrincipalName
This example configures a user name sign-in format and sets the default domain.
Set-owavirtualdirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "<domain name>"
Note
You must restart IIS by using the command iisreset/noforce
for these changes to take effect.
For more information about syntax and parameters, see Set-OwaVirtualDirectory.
Other Tasks
After you configure forms-based authentication for Outlook Web App, you may also want to:
Set the Forms-Based Authentication Private Computer Cookie Time-Out Value
Set the Forms-Based Authentication Public Computer Cookie Time-Out Value
© 2010 Microsoft Corporation. All rights reserved.