You administer the Messaging Server in a Windows Essential Business Server 2008 environment. You configure Outlook Web Access (OWA) on the Messaging Server to enable users to access their mailboxes from the Internet. You want to ensure that when users access their mailboxes by using OWA, the logon credential and password information is stored in cookies.
Which authentication method should you configure for OWA?
A. Digest authentication
B. Forms-based authentication
C. Smart card and certificate authentication
D. RSA SecurID authentication
Explanation:
You should configure forms-based authentication. Forms-based authentication enables a logon page for Outlook Web Access only. This authentication method uses a cookie to store the user’s encrypted logon credentials in the Internet browser, enabling Exchange Server 2007 to monitor the activity of Outlook Web Access sessions on public and private computers. If an Outlook Web Access session is idle for longer than a specified period, the server blocks access until the user re-authenticates the logon credentials.
You should not configure the Digest authentication method because it does not store user credentials in a cookie. Digest authentication transmits passwords over the network as a hash value for additional security. Digest authentication is not fully secure if the user is unable to close the browser and end the browser process between sessions.
You should not configure the Smart card and certificate authentication method because this authentication method does not store user credentials in a cookie. This authentication method uses a certificate stored on a smart card. A certificate authentication method uses the Extensible Authentication Protocol (EAP) and Transport Layer Security (TLS) protocols. In EAP-TLS certificate authentication, the client and the server prove their identities to one another.
You should not configure the RSA SecurID authentication method because this authentication method does not store user credentials in a cookie. RSA SecurID is a third-party product that can be used for authentication on the Client Access server.