locked
Hide authToken detail in address bar (URL) when Publish Exchange 2010 (OWA) using ADFS & WAP RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi All,

    We are done to publish Exchange 2010 (OWA) using WAP and Pr-Authentication with ADFS.

    The problem is, when the user successful login to OWA, the url show like https://mail.domain/owa/?authToken="unique code".

    if the users copy the url and paste in new browser, the user can directly open the owa without input id and password.

    do you have suggestion or recommendation to hide information authToken in address bar ?

    Thanks,

    EJ

    Friday, December 7, 2018 4:47 PM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    You can use IIS URL rewriting to hide it.

    Something like below.

    <rule name="Remove paging parameters" stopProcessing="true">
      <match url="(.*)?$" />
      <conditions trackAllCaptures="true">
        <add input="{QUERY_STRING}" pattern="authtoken=(*.)" />
      </conditions>
      <action type="Redirect" url="{R:1}" appendQueryString="false" />

    Thanks, Ashish MCITP, MCT, MCSE

    Thursday, January 3, 2019 3:40 PM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    You can use IIS URL rewriting to hide it.

    Something like below.

    <rule name="Remove paging parameters" stopProcessing="true">
      <match url="(.*)?$" />
      <conditions trackAllCaptures="true">
        <add input="{QUERY_STRING}" pattern="authtoken=(*.)" />
      </conditions>
      <action type="Redirect" url="{R:1}" appendQueryString="false" />

    Thanks, Ashish MCITP, MCT, MCSE

    Thursday, January 3, 2019 3:40 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi EJ,

    Did you resolve this? Was the below solution satisfactory?

    I'm having the exact same experience except with an iis site.

    Thanks!

    Friday, March 22, 2019 11:21 AM