Welcome to www.leederbyshire.com - Mobile MS Exchange web applications.
This article explains how to add a CAPTCHA image to the Exchange 2010 Outlook Web Access Forms-based Authentication logon page. Please note that I don't make any claims regarding the effectiveness of this particular solution (which is presented only as an academic example), or of CAPTCHA in general. Having said all that, if CAPTCHA is something that you want to try with your OWA, read on.
A typical CAPTCHA image.
I am using a freely available CAPTCHA script written by Jonathan Feaster, which is available for download from Archreality. This script uses JavaScript, and unlike some other solutions has the advantage of not requiring a second .aspx page to process the form input. The validation is done by the user's browser before the credentials are sent to the OWA server. Any CAPTCHA scripts which require a second page will not work with FBA, since there is no opportunity to insert anything between the logon page and the OWA GUI.
Extract the files to a suitable location on the server.
There are two .js files,
and a folder named cimg,
which contains the captcha images
to be displayed on the logon page.
Place the entire extracted jcap folder in the
The extracted jcap files in the auth folder
Use Explorer to locate the logon.aspx file that creates the FBA logon page. This is inside the same auth folder that you just placed the jcap folder into. Before doing anything else, make a backup copy of the logon.aspx file. Right-click it, then select Copy, then right-click the folder, and then select Paste. This creates a copy of your logon.aspx file named 'logon - Copy.aspx'. If your modifications are unsuccessful, you will need to revert to this original file to restore FBA functionality. Open the logon.aspx using Notepad. I'm going to insert the image just above the 'Public Computer' radio button, so press F3 and search for the text rdoPblc. Assuming that you successfully found the text, insert the following just before the <tr> tag that precedes it:
<script type="text/javascript" language="javascript" src="jcap/md5.js"></script>
<script type="text/javascript" language="javascript" src="jcap/jcap.js"></script>
<script type="text/javascript" language="javascript">
function doJcap()
{
if (jcap() == true)
{document.forms[0].action = "/owa/auth.owa"; return true;}
else
return false
}
</script>
<tr><td colspan="2" align="center">
Enter the code as it is shown below
<script language="JavaScript">sjcap();</script>
<noscript>This resource requires a JavaScript enabled browser</noscript>
</td></tr>
The modified file should look something like this:
The amended contents of logon.aspx in Notepad
Press CTRL-HOME to go back to the top of the file, and then press CTRL-F, and search for the text <form (without a closing angled bracket). Assuming that you successfully found the form tag, remove its action attribute and replace it with the following text:
onsubmit="return doJcap();"
More amendments in Notepad
Now save the file back to disk, and close Notepad.
All that is required now is a small change to the jcap.js file
that was saved in
var imgdir = "/owa/auth/jcap/cimg/";
Defining the path to the image files
Save the file, and we're finished. The next time you open the FBA logon page, it should look something like this. Also shown is the alert message displayed if the typed text does not match the CAPTCHA text.
The modified FBA logon page in IE
Copyright © 2003 - 2012 Lee Derbyshire. All rights reserved.
