Office 2008 Planning
55
Authentication
method
Type of
authenticating
server
Description
Forms-based
authentication
Front-end server Forms-based authentication transmits user credentials
through HTML forms that users fill out. The credentials
are then processed by using Basic authentication.
Forms-based authentication requires SSL. Enabling
Forms-based authentication and SSL on a front-end
server makes it possible for an organization to provide
access to Microsoft Exchange resources from the
Internet with programs such as Outlook Web Access
and Entourage in a more secure manner.
Notes
• When they use forms-based authentication,
users must enter their credentials either in the
universal naming convention (UNC) format
(for example, domain\username) or in the user
principal name (UPN) format (for example,
user@domain.com).
• The default domain setting in Internet
Information Services (IIS) can be set only to \
(backslash). This restriction is designed to
support user logins that use the UPN format. If
the default domain setting is changed,
Exchange System Manager resets the default
domain setting to \ on the Web server.
• Cookies are used the same way for Entourage
clients and Outlook Web Access clients that
are connected to an Exchange server. The
Exchange server authenticates the user by
using Forms-based authentication before
Entourage synchronizes the data. Subsequent
transactions during a session, including
synchronization, are authenticated by passing
a cookie from the client to the Exchange
server.