Hide authToken detail in address bar (URL) when Publish Exchange 2010 (OWA) using ADFS & WAP

  • Question

  • Hi All,

    We have finished publishing Exchange 2010 (OWA) using WAP and Pre-Authentication with ADFS.

    The problem is, when the user successfully logs in to OWA, the URL shows like https://mail.domain/owa/?authToken="unique code".

    If the user copies the URL and pastes it in a new browser, the user can directly open OWA without entering an ID and password.

    Do you have a suggestion or recommendation to hide the authToken information in the address bar?

    Thanks,

    EJ

    Friday, December 7, 2018 4:47 PM

Answers

  • You can use IIS URL rewriting to hide it.

    Something like below.

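    <rule name="Remove paging parameters" stopProcessing="true">
      <match url="(.*)?$" />
      <conditions trackAllCaptures="true">
        <!-- Fires only when the query string carries an authtoken parameter -->
        <add input="{QUERY_STRING}" pattern="authtoken=(.*)" />
      </conditions>
      <!-- appendQueryString="false" drops the query string from the redirect target -->
      <action type="Redirect" url="{R:1}" appendQueryString="false" />
    </rule>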

    Thanks, Ashish MCITP, MCT, MCSE

    Thursday, January 3, 2019 3:40 PM
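
As an added example (not part of the original thread and not Microsoft's code): a defender-side check that scans an IIS W3C log for the same authToken value presented by more than one client, which is the copy-and-paste reuse the question describes. The log lines, field selection and token values are constructed, and it assumes the log being scanned records the real client address in c-ip.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample W3C log (not from the thread); token values are placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent)
2019-01-03 15:40:01 GET /owa/ authToken=TOKEN-AAA 203.0.113.10 Mozilla/5.0+(Windows)
2019-01-03 15:40:02 GET /owa/ - 203.0.113.10 Mozilla/5.0+(Windows)
2019-01-03 15:52:17 GET /owa/ authToken=TOKEN-AAA 198.51.100.7 Mozilla/5.0+(Macintosh)
2019-01-03 16:05:44 GET /owa/ authToken=TOKEN-BBB 203.0.113.25 Mozilla/5.0+(Windows)
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_token_reuse(text, param="authtoken"):
    """Return {token: sorted clients} for tokens presented by more than one client."""
    seen = defaultdict(set)
    for row in parse_w3c(text):
        query = row.get("cs-uri-query", "-")
        if query == "-":  # IIS logs "-" when there is no query string
            continue
        # The thread writes both authToken and authtoken, so compare names case-insensitively.
        for name, vals in parse_qs(query, keep_blank_values=True).items():
            if name.lower() == param:
                for token in vals:
                    seen[token].add((row["c-ip"], row["cs(User-Agent)"]))
    return {t: sorted(c) for t, c in seen.items() if len(c) > 1}

if __name__ == "__main__":
    for token, clients in find_token_reuse(SAMPLE_LOG).items():
        # Print only a short prefix so the report does not expose the token again.
        print(f"token {token[:6]}... presented by {len(clients)} clients: {clients}")
```

A client is identified here by the pair of c-ip and user agent, so a user behind a changing address will also be reported and needs manual review.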

All replies

  • Hi EJ,

    Did you resolve this? Was the below solution satisfactory?

    I'm having the exact same experience except with an IIS site.

    Thanks!

    Friday, March 22, 2019 11:21 AM