 | |||
|
|
||
| |||
| |||
| |
|
Home > Configuring ActiveSync authentication in Exchange Server 2007 |
| |
|
|
|
|
| Tutorial: |
|
||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|
||||||||||||||||||||||||||||||||||||
When you install the Client Access Server (CAS) role, Exchange Server creates different IIS virtual directories. Authentication is configured separately for each directory. To configure the ActiveSync authentication method, open the IIS Manager and navigate through the console tree to: <Your server> (Local Computer) -> Web Sites -> Default Web Site -> Microsoft Server ActiveSync (Figure 1).
Right-click on the Microsoft Server ActiveSync virtual directory and choose Properties from the menu. This takes you to the virtual directory's properties sheet. Select the Directory Security tab and click on Edit in the Authentication and Access Control section. You will see the Authentication Methods dialog box (Figure 2).
Basic ActiveSync authentication By default, Exchange is configured to use basic authentication for ActiveSync. This is the simplest authentication method, but it is suitable for most ActiveSync deployments. Basic authentication is based on usernames and passwords. The Client Access Server prompts a user to enter a username and password. When the mobile device is initially configured for use with ActiveSync, a user's credentials are stored. ActiveSync won't work if you don't save the credentials on the mobile device. The mobile device then transmits these credentials to the CAS, which verifies the credentials and grants the user access to the virtual directory. Basic authentication uses clear text when transmitting usernames and passwords. If basic authentication is used by itself, sending passwords in clear text would be a huge security risk. Note: Microsoft recommends using SSL encryption in conjunction with basic authentication. While SSL encryption doesn't prevent passwords from being sent as clear text, it does encrypt the password while in transit. ActiveSync certificate-based authentication ActiveSync certificate-based authentication is similar to basic authentication, but instead uses a digital certificate to confirm a user's identity. Requiring certificate-based authentication prevents users who only have a username and password from using ActiveSync. There are two types of certificates that must be issued to the mobile device for certificate-based authentication to work.
Note: An X.509 certificate is a type of certificate that can be used to facilitate SSL encryption. Regardless of where the X.509 certificate comes from, the client will not trust your CAS unless it trusts the certificate authority that issued the X.509 certificate. By installing a trusted root certificate from the CA onto the mobile device, the device will trust both the CA and the CAS. About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com. Do you have comments on this tip? Let us know. Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.
|
|
|
|
||||||||||||||||||||||||||||||||||
|
|
 |  |  | |  | |  | |  | |  | |  | |  | |  | |
|
|
About Us | Contact Us | For Advertisers | For Business Partners | Site Index | RSS |
|
|
||
|
|||||||
