How to Configure Digest Authentication

  • Article

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic describes how to configure Windows Digest authentication for Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007. Digest authentication transmits passwords over the network as a hash value for additional security. Digest authentication is not fully secure if the user is unable to close the browser and end the browser process between sessions. This problem may occur if the user is using Outlook Web Access on a kiosk. If the browser cannot be closed, the user's credentials remain in the cache where the next user may be able to access them.

Note

Digest authentication can be set only on Exchange 2007 virtual directories.

Before You Begin

To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

The exact steps that you perform when you complete this procedure by using the Exchange Management Console depend on the following:

  • Whether you are running the original release (RTM) version of Exchange 2007 or Exchange 2007 SP1.

  • Whether you are running the Mailbox server role on the computer that is running the Client Access server role.

For detailed information about these differences, see Managing Outlook Web Access Virtual Directories in Exchange 2007.

Procedure

Exchange 2007 SP1

To use the Exchange Management Console to configure Digest authentication for Outlook Web Access

  1. In the Exchange Management Console, locate the virtual directory that you want to configure to use Digest authentication by using the information in step 2 or step 3.

  2. If you are running the Mailbox server role on the computer that is running the Client Access server role, do one of the following:

    • To modify an Exchange 2007 virtual directory, select Server Configuration, select Client Access, and then click the Outlook Web Access tab. The default Exchange 2007 virtual directory is /owa.

    • To modify a legacy virtual directory, select Server Configuration, select Mailbox, and then click the WebDAV tab. The default legacy virtual directories as follows: /Public, /Exchweb, /Exchange, and /Exadmin.

  3. If you are not running the Mailbox server role on the computer that is running the Client Access server role, select Server Configuration, select Client Access, and then click the Outlook Web Access tab.

  4. In the work pane, select the virtual directory that you want to configure to use Digest authentication, and then click Properties.

  5. Click the Authentication tab.

  6. Select Use one or more standard authentication methods.

  7. Select Digest authentication.

  8. Click OK.

To use the Exchange Management Shell to configure Digest authentication for Outlook Web Access

  • To configure Digest authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:

    Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -DigestAuthentication <$true|$false>

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

Exchange 2007 RTM

To use the Exchange Management Console to configure Digest authentication for Outlook Web Access

  1. Open the Exchange Management Console.

  2. Locate Server Configuration\Client Access.

  3. On the Outlook Web Access tab, open the properties of the virtual directory that you want to configure to use Digest authentication.

  4. Click the Authentication tab.

  5. Select Use one or more standard authentication methods.

  6. Select Digest authentication.

  7. Click OK.

To use the Exchange Management Shell to configure Digest authentication for Outlook Web Access

  • To configure Digest authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:

    Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -DigestAuthentication <$true|$false>

For more information about syntax and parameters, see Set-OwaVirtualDirectory (RTM).

For More Information

For more information about the authentication methods that you can use for Outlook Web Access, see the following topics:

For more information about how to help make communication between client computers and the Client Access server more secure, see Managing Client Access Security.