Thursday, December 25, 2008

Implementing Captcha Validation with OWA 2007 and Forms-Based Authentication

A while back, I wrote an article describing how to add a CAPTCHA image and text input field to the Outlook Web Access 2003 Forms-based Authentication logon form. Now that Exchange 2007 is established in the marketplace, I have received a number of requests for an updated article describing how to do the same for Exchange 2007. While the procedure is mostly similar to the OWA 2003 version, there are several important differences in the detail.

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. You will no doubt have seen this implemented in various web pages as an image of a visually distorted common word, which must be typed into an input field, thus proving that you are indeed a real person. This has become necessary to prevent the actions of bots, which roam the web looking for opportunities to inject spam into message boards, etc. Shown here in Figure 1 is an example of such an image. The idea is that a human user will recognize the word 'part', whereas a spambot will not.



Figure 1: A CAPTCHA image displaying the word 'part'

OWA Forms-based Authentication is very secure by itself, of course, since you still need to supply valid credentials to log in, but there is still a significant amount of interest in adding CAPTCHA validation to it. Here, I will show how it can be done by modifying Exchange's logon.aspx file. I have chosen to use a freely available CAPTCHA script written by Jonathan Feaster, which is available for download from Archreality. This script uses JavaScript, and unlike some other solutions has the advantage of not requiring a second .aspx page to process the form input; the validation is done by the user's browser before the credentials are sent to the OWA server. Because the check runs only in the browser, the OWA server never sees the CAPTCHA answer and still decides the logon on the credentials alone. Any CAPTCHA script that requires a second page will not work with FBA, since there is no opportunity to insert anything between the logon page and the OWA GUI.

Procedure

First, extract the files to a suitable place on the server. There are two .js files, and a folder named cimg, which contains the word images to be displayed on the logon page. Place the entire extracted jcap folder in the C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\auth folder as shown in figure 2:



Figure 2: The extracted jcap files in the auth folder

Next, use Explorer to locate the logon.aspx file that creates the FBA logon page. This is inside the same auth folder that you just placed the jcap folder into. Before doing anything else, make a backup copy of the logon.aspx file. Right-click it, then select Copy, then right-click the folder, and then select Paste. This creates a copy of your logon.aspx file named 'Copy of logon.aspx'. If your modifications are unsuccessful, you will need to revert to this original file to restore FBA functionality. Now, open the logon.aspx using Notepad. I'm going to insert the image just above the 'Public Computer' radio button, so press F3 and search for the text rdoPblc. Assuming that you successfully found the text, insert the following just before the preceding tag:






Enter the code as it is shown below





The result should look something like figure 3:



Figure 3: The amended contents of logon.aspx in Notepad

Next, press CTRL-HOME to go back to the top of the file, and then press CTRL-F, and search for the text

onsubmit="return doJcap();"

This part of the page should now look like that shown in figure 4:



Figure 4: The modified tag

Now save the file back to disk, and close Notepad. All that is required now is a small change to the jcap.js file that was saved in C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\auth\jcap. Right-click the jcap.js file, and select Edit. It should open in Notepad. On the line that begins with var imgdir, you need to change the path to point to the current location of the cimg folder. Change it so that the beginning of the line looks like this:

var imgdir = "/owa/auth/jcap/cimg/";

The complete line looks like this:



Figure 5: Defining the path to the image files

Save the file, and we're finished. The next time you open the FBA logon page, it should look something like this (figure 6). Also shown is the alert message displayed if the typed text does not match the distorted text in the image when you click the Log On button.



Figure 6: The modified FBA logon page

Please remember that due to updates made by Exchange service packs and patches, future versions of the logon.aspx file may be different to the version shown. The basic principles described should, however, remain the same.
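
The backup step and the note above about service packs can be scripted. The following PowerShell is an added example, not part of the original article or of the jcap package: it copies logon.aspx to a folder outside the web-served auth directory and checks that the edits described in the procedure are still in place. The backup folder `C:\OwaLogonBackup` and the function names are assumptions.

```powershell
# Added example: paths and search strings are the ones quoted in the article.
# $backupDir and the function names are assumptions chosen for this sketch.
$auth      = 'C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\auth'
$logon     = Join-Path $auth 'logon.aspx'
$jcapJs    = Join-Path $auth 'jcap\jcap.js'
$backupDir = 'C:\OwaLogonBackup'   # assumed location, outside the web-served folder

function Get-Sha256([string]$Path) {
    # .NET hashing, so this also works where Get-FileHash is not available
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Backup-LogonPage {
    # Timestamped copy, so a later backup never overwrites the pristine file
    if (-not (Test-Path $backupDir)) { New-Item -ItemType Directory -Path $backupDir | Out-Null }
    $dest = Join-Path $backupDir ('logon.aspx.{0:yyyyMMdd-HHmmss}.bak' -f (Get-Date))
    Copy-Item -Path $logon -Destination $dest
    '{0}  {1}' -f (Get-Sha256 $dest), $dest
}

function Test-JcapInstall {
    # Re-run after every service pack or rollup: a replaced logon.aspx fails the onsubmit check
    $page = [System.IO.File]::ReadAllText($logon)
    $js   = [System.IO.File]::ReadAllText($jcapJs)
    $imgs = @(Get-ChildItem (Join-Path $auth 'jcap\cimg') -ErrorAction SilentlyContinue)
    $checks = @(
        @{ Name = 'logon.aspx still contains the rdoPblc anchor'; Ok = $page.Contains('rdoPblc') },
        @{ Name = 'logon.aspx contains onsubmit="return doJcap();"'; Ok = $page.Contains('onsubmit="return doJcap();"') },
        @{ Name = 'jcap.js sets imgdir to /owa/auth/jcap/cimg/'; Ok = ($js -match 'var\s+imgdir\s*=\s*"/owa/auth/jcap/cimg/"') },
        @{ Name = 'jcap\cimg holds the word images'; Ok = ($imgs.Count -gt 0) }
    )
    foreach ($c in $checks) {
        '{0}  {1}' -f $(if ($c.Ok) { 'PASS' } else { 'FAIL' }), $c.Name
    }
    # Record this hash; a different value later means the file was changed or replaced
    'logon.aspx SHA-256: ' + (Get-Sha256 $logon)
}

# Usage: Backup-LogonPage before the first edit;
#        Test-JcapInstall after editing and again after each Exchange update.
```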

40 comments:

Unknown said...

Hi Everyone. I'm trying to find the files to download for OWA 2007 but the Archreality site links I've found do not work any more. Can anyone please send me the ZIP with the JS and images I needed to get this done? Or a valid link to download them from?

Thanks,

Anthony
arabbito@escope.net
