Export (0) Print
Expand All

How to Configure Digest Authentication

 

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2007-08-16

This topic describes how to configure Windows Digest authentication for Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007. Digest authentication transmits passwords over the network as a hash value for additional security. Digest authentication is not fully secure if the user is unable to close the browser and end the browser process between sessions. This problem may occur if the user is using Outlook Web Access on a kiosk. If the browser cannot be closed, the user's credentials remain in the cache where the next user may be able to access them.

noteNote:
Digest authentication can be set only on Exchange 2007 virtual directories.

To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

The exact steps that you perform when you complete this procedure by using the Exchange Management Console depend on the following:

  • Whether you are running the original release (RTM) version of Exchange 2007 or Exchange 2007 SP1.

  • Whether you are running the Mailbox server role on the computer that is running the Client Access server role.

For detailed information about these differences, see Managing Outlook Web Access Virtual Directories in Exchange 2007.

  1. In the Exchange Management Console, locate the virtual directory that you want to configure to use Digest authentication by using the information in step 2 or step 3.

  2. If you are running the Mailbox server role on the computer that is running the Client Access server role, do one of the following:

    • To modify an Exchange 2007 virtual directory, select Server Configuration, select Client Access, and then click the Outlook Web Access tab. The default Exchange 2007 virtual directory is /owa.

    • To modify a legacy virtual directory, select Server Configuration, select Mailbox, and then click the WebDAV tab. The default legacy virtual directories as follows: /Public, /Exchweb, /Exchange, and /Exadmin.

  3. If you are not running the Mailbox server role on the computer that is running the Client Access server role, select Server Configuration, select Client Access, and then click the Outlook Web Access tab.

  4. In the work pane, select the virtual directory that you want to configure to use Digest authentication, and then click Properties.

  5. Click the Authentication tab.

  6. Select Use one or more standard authentication methods.

  7. Select Digest authentication.

  8. Click OK.

  • To configure Digest authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:

    Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -DigestAuthentication <$true|$false>
    

For more information about syntax and parameters, see Set-OwaVirtualDirectory.

  1. Open the Exchange Management Console.

  2. Locate Server Configuration\Client Access.

  3. On the Outlook Web Access tab, open the properties of the virtual directory that you want to configure to use Digest authentication.

  4. Click the Authentication tab.

  5. Select Use one or more standard authentication methods.

  6. Select Digest authentication.

  7. Click OK.

  • To configure Digest authentication on the default Outlook Web Access virtual directory in the default Internet Information Services (IIS) Web site on the local Exchange server, open the Exchange Management Shell and run the following command:

    Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -DigestAuthentication <$true|$false>
    

For more information about syntax and parameters, see Set-OwaVirtualDirectory (RTM).

For more information about the authentication methods that you can use for Outlook Web Access, see the following topics:

For more information about how to help make communication between client computers and the Client Access server more secure, see Managing Client Access Security.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft