• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publish OWA forms and SSL web site on the same site

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Publish OWA forms and SSL web site on the same site Page: [1]
Login
Message << Older Topic   Newer Topic >>
Publish OWA forms and SSL web site on the same site - 18.Feb.2004 12:07:00 AM   
Persing

 

Posts: 40
Joined: 31.Jan.2004
Status: offline
I just read your "Publishing multiple web sites using a wildcard certificate" which is very good. I didn't understand why you needed a hosts entry. Why not just use an alias in the DNS server?

Anyhow, my problem is with the listener. I assume you cannot have more than one listener per port on a single external IP address. Also, OWA forms is a mutually exclusive type of authentication. Therefore, is it possibe to publish a secure web site AND OWA with forms on the same site with only one external IP address?
Post #: 1
RE: Publish OWA forms and SSL web site on the same site - 18.Feb.2004 1:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

That is a good question. There should be a single listener per IP address, and if forms-based auth is an exclusive auth option, then how do you publish other sites. I'll check into this.

The HOSTS file entry is only required if you don't have a split DNS infrastrucutre in place.

HTH,
Tom

(in reply to Persing)
Post #: 2
RE: Publish OWA forms and SSL web site on the same site - 18.Feb.2004 8:38:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

I tested this and you're correct that a single listener can listen on the same port and IP address. So if you select forms-based auth, all published sites on that listener will generate the log on form. However, the log on form will allow you to access the second site after you log on. And if the second site does not require authentication, you won't even see the form.

HTH,
Tom

(in reply to Persing)
Post #: 3
RE: Publish OWA forms and SSL web site on the same site - 18.Feb.2004 10:47:00 PM   
Persing

 

Posts: 40
Joined: 31.Jan.2004
Status: offline
Thanks for your help Tom,
Now, let me (as you say) "drill down" on this a little. I don't intend to do this, but to illustrate the concept:

I have a wild card certificate, *.Tom.net. I create a listener called Listen443 that listens on 443, and has Outlook Forms checked as the authentication type. On my exchange server I publish OWA and a Web site that I want secure HTTPS access to. My web site is wwwssl.tom.net and I use both mail.tom.net and owa.tom.net to get to outlook. I have published the web site and the outlook site in two publishing rules each with the correct public names for their respective sites. If a User attempts to access Outlook using either public name (mail or owa) he will get the form, and because of the public name he will be authenticated by the cert and forwarded to OWA for Exchange. If the User tries to access wwwssl.tom.net he will get the form but when he authenticates he will be connected with the wwwssl web site.

Now, I also have a web site, www.tom.net that I want to give everyone public access to. I assume I have to define another listener because even if I select port 80 on ListenSSL the only authentication allowed is Outlook Forms. So I define another listener, Listen80 which would listen on port 80 and use integrated authentication. This listener would be used in a third publishing rule to allow access to the public web site.

Now, is all this correct? And could you clarify "And if the second site does not require authentication, you won't even see the form."? Because if you try to use ListenSSL for everything including Port 80, what type of authentication would be implied for plain old HTTP requests when only Outlook Forms was selected in the listener?

(in reply to Persing)
Post #: 4
RE: Publish OWA forms and SSL web site on the same site - 19.Feb.2004 12:24:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

This is an interesting scenario. This is how I interpret it:

First, there is a single IP address on the external interface.

You create a listener, Listener443 and configure it to use forms-based auth. Then you use that listener to publish the OWA site. It works.

You create a second listener, Listener80, and configure that listener to use basic auth. Then you use this listener to publish a second Web site.

When accessing OWA, you will get the form and authentication from that

When accessing the Web site, you will get the basic auth log on box

These two listeners work because the Listner443 isn't listening on 80, because you removed that option, and Listener80 works because it doesn't listen on 443 because you didn't enable that option.

Looks good on paper. Now I need to see if it works [Smile]

Thanks!
Tom

(in reply to Persing)
Post #: 5
RE: Publish OWA forms and SSL web site on the same site - 19.Feb.2004 3:24:00 PM   
Persing

 

Posts: 40
Joined: 31.Jan.2004
Status: offline
Correct. But in addition there is a secure web site wwwssl.tom.net that is also published through listen443. Will he authenticate with the OWA form but actually go to the web site?

Also, I would still like you to clarify your earlier statement "And if the second site does not require authentication, you won't even see the form."? It looks to me like you are saying you could use one listener for everything. But if you try to use Listen443 for everything including Port 80, what type of authentication would be implied for plain old HTTP requests when only Outlook Forms was selected in the listener?

(in reply to Persing)
Post #: 6
RE: Publish OWA forms and SSL web site on the same site - 20.Feb.2004 11:51:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

The Listener443 would be used for SSL sites, and all SSL sites that use this listener will be presented with the form. So, www.ssl.tom visitors will see the form.

All non-SSL sites can be published using the Listener80, then those visitors will never see the form.

HTH,
Tom

(in reply to Persing)
Post #: 7
RE: Publish OWA forms and SSL web site on the same site - 20.Feb.2004 3:23:00 PM   
Persing

 

Posts: 40
Joined: 31.Jan.2004
Status: offline
Thanks Tom,
OK, that of course fits in with the hypothetical case I outlined. I was confused because in your original reply back on the 18th you didn't mention using 2 listeners. I jumped to the conclusion you were doing all this with one listener, and I couldn't understand what authentication would apply to port 80. Actually using 2 listeners makes it a little more organized and less complicated.

(in reply to Persing)
Post #: 8
RE: Publish OWA forms and SSL web site on the same site - 21.Feb.2004 2:29:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Pete,

Thank you! I never would have considered this sort of scenario if you hadn't brough it up. Its a very useful configuration and I'll be writing an article on it in the future.

Thanks!
Tom

(in reply to Persing)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Publish OWA forms and SSL web site on the same site Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts