cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

OWA forms-based authentication with basic authentication disabled

Thai_Lam
Brass Contributor

‎Jun 17 2019 12:23 AM

‎Jun 17 2019 12:23 AM

OWA forms-based authentication with basic authentication disabled

Hi everyone,

I am running form based authentication. For some concern, i would like to disable basic authentication


get-OwaVirtualDirectory "owa (Default Web Site)" |fl *auth*
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication : True WindowsAuthentication : False
DigestAuthentication : False FormsAuthentication : True
LiveIdAuthentication : False AdfsAuthentication : False
OAuthAuthentication : False

ExternalAuthenticationMethods : {Fba}

 

Note the "InternalAuthenticationMethods" is Basic and Fba.


set-OwaVirtualDirectory "owa (Default Web Site)" -BasicAuthentication $false
get-OwaVirtualDirectory "owa (Default Web Site)" |fl InternalAuthenticationMethods
InternalAuthenticationMethods : {}

 

with just setting the "BasicAuthentication" to $false it turns off the form based too. So i tried to enabled the form based again.

 

 

set-OwaVirtualDirectory "owa (Default Web Site)" -FormsAuthentication $true
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}

The basic authentication was automatically turn on by itself again. So i was thinking the form based required the basic authentication. The information on the internet is kind of scarce. Does anyone has any experience on this? Also note the "ExternalAuthenticationMethods" is {Fba} without Basic? Thanks everyone!

Labels:
8,382 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Thai_Lam (Brass Contributor)
Greg Taylor - EXCHANGE

‎Jun 17 2019 09:45 AM

‎Jun 17 2019 09:45 AM

Solution

Re: OWA forms-based authentication with basic authentication disabled

@Thai_Lam Forms Based Auth requires Basic be enabled. That's enforced in code as you saw. 

 

Greg.  

0 Likes
Reply
Thai_Lam

‎Jun 17 2019 08:46 PM

‎Jun 17 2019 08:46 PM

Re: OWA forms-based authentication with basic authentication disabled

@Greg Taylor - EXCHANGE Thank you! Can i also check ExternalAuthenticationMethods : {Fba}, what does this do? Because it seems different then the other .

 

-ExternalAuthenticationMethods is using string base instead of -FormsAuthentication $true or $false and it accepts just only "Fba".

set-OwaVirtualDirectory "owa (Default Web Site)" -ExternalAuthenticationMethods fba

 

 

0 Likes
Reply
Michel de Rooij

‎Jun 17 2019 11:53 PM

‎Jun 17 2019 11:53 PM

Re: OWA forms-based authentication with basic authentication disabled

The individual settings enable (or disable) the respective authentication method on the vdir. ExternalAuthenticationMethods and InternalAuthenticationMethods determine allowed authentication methods when connecting internally or externally. Only methods can be selected which are enabled on the vdir. It's a multi-value, allowing you to specify more than one method (thus displayed differently in output)

0 Likes
Reply
Greg Taylor - EXCHANGE

‎Jun 18 2019 06:39 AM

‎Jun 18 2019 06:39 AM

Re: OWA forms-based authentication with basic authentication disabled

@Michel de Rooij That was the intent when the code was written - but it never worked like that. OWA/Exchange has no idea if the user is internal or external and so those values do nothing. I wouldn't suggest messing with them at all. 

0 Likes
Reply