Block Or Allow OWA Depending On Location 2007

Block Or Allow Selected Users Depending On Location In Microsoft Outlook Web Access 2007

Occasionally, someone will ask whether certain users can be blocked from, or allowed to use, OWA depending on their location. For example, is it possible to allow certain users access only when they are on the LAN, and not from the Internet? There is currently no built-in way of doing this, but it is possible if you are prepared to make a small change to one of the .aspx pages.

First, locate the startpage.aspx file in C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\forms\premium. Make a backup copy, then open it in Notepad. About 5 lines down, you will see a line like this:

  <%@ Import Namespace="Microsoft.Exchange.Clients.Owa.Premium.Controls" %>

Immediately after it, insert a block of code, like this:

  <%
  string strIP = Request.ServerVariables["REMOTE_ADDR"];
  if(strIP.Substring(0, 8) != "192.168.")
  {
    string strUser = Request.ServerVariables["REMOTE_USER"].ToUpper();
    int p = strUser.IndexOf("\\");
    if(p != -1)
      strUser = strUser.Substring(p + 1); // drop the DOMAIN\ prefix
    Boolean blnFound = false;
    if(
       (strUser == "USER1")
    || (strUser == "USER2")
    )
      blnFound = true;
    if(!blnFound)
    {
      Response.Write("Sorry, you are not allowed to access OWA from this location");
      Response.End(); // stop here so the rest of the page is not rendered
    }
  }
  %>

There are a few things to note in this code. In the third line, a check is made on the IP address of the client. In this example, the server checks whether the IP address begins with "192.168." (i.e. it is within the private IP address range 192.168.x.x). If your addressing scheme is different (e.g. you use something beginning with 10.), you will need to change this line. The second number passed to the .Substring function must match the number of characters you are checking.

The second thing to note is the list of user names:

       (strUser == "USER1")
    || (strUser == "USER2")

This will obviously be different for you. I have formatted it so that you can easily add lines for extra permitted users by inserting something like:

    || (strUser == "USER3")
    || (strUser == "USER4")

Inserted lines must begin with || (the C# OR operator), and they must come before the final closing bracket at the end of the list.

The last thing to note is that this is a list of permitted users. To make it a list of blocked users, change the line


This takes care of the Premium client. To do the same thing for the Basic client (and to prevent users from circumventing your restrictions), add the same code to the basicmessageview.aspx file in the basic folder. Add the code just before the <html> tag near the beginning of the file.

As with most modifications of this type, you will need to check that they still function after each product update. Sometimes your modified file will be replaced by a new one from the update.
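
A more defensive form of the location and user check described above, as an added example that is not code from the original page: it parses the client address and matches it against CIDR ranges instead of comparing a string prefix, so an address shorter than eight characters or an IPv6 client is treated as external rather than raising an exception in .Substring. The class name OwaLocationCheck, its method names and the 10.0.0.0/8 entry are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
// Added example: names are hypothetical; 10.0.0.0/8 is an assumed extra range.
static class OwaLocationCheck
{
    static readonly string[] InternalNets = { "192.168.0.0/16", "10.0.0.0/8" };
    static readonly string[] PermittedUsers = { "USER1", "USER2" }; // allowed from outside

    static bool InNet(IPAddress addr, string cidr)
    {
        string[] parts = cidr.Split('/');
        byte[] net = IPAddress.Parse(parts[0]).GetAddressBytes(), ip = addr.GetAddressBytes();
        for (int i = 0, bits = int.Parse(parts[1]); i < net.Length && bits > 0; i++, bits -= 8)
        {
            int mask = bits >= 8 ? 0xFF : (0xFF << (8 - bits)) & 0xFF;
            if ((ip[i] & mask) != (net[i] & mask)) return false;
        }
        return true;
    }

    public static bool IsInternal(string remoteAddr)
    {
        IPAddress addr; // unparseable or non-IPv4 input counts as external (fails closed)
        if (!IPAddress.TryParse(remoteAddr, out addr)) return false;
        if (addr.AddressFamily != AddressFamily.InterNetwork) return false;
        foreach (string cidr in InternalNets)
            if (InNet(addr, cidr)) return true;
        return false;
    }

    public static bool IsAllowed(string remoteAddr, string remoteUser)
    {
        if (IsInternal(remoteAddr)) return true;
        string user = remoteUser ?? "";
        user = user.Substring(user.IndexOf('\\') + 1); // strip DOMAIN\ if present
        foreach (string permitted in PermittedUsers)
            if (string.Equals(user, permitted, StringComparison.OrdinalIgnoreCase)) return true;
        return false;
    }

    static void Main()
    {
        // Constructed address/user pairs; "1.2.3.4" is shorter than 8 characters.
        string[] s = { "192.168.1.20", "CORP\\someone", "203.0.113.7", "corp\\user1", "1.2.3.4", "CORP\\someone" };
        for (int i = 0; i < s.Length; i += 2)
            Console.WriteLine("{0} {1} -> {2}", s[i], s[i + 1], IsAllowed(s[i], s[i + 1]));
    }
}
```

If OWA is published through a reverse proxy or load balancer, REMOTE_ADDR is the address of that device rather than the client, so every request can appear to come from the internal range. Confirm what address the server actually sees from an outside connection before relying on this check.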

