leederbyshire.com  Mobile web applications for Microsoft Exchange Server.

OWA FBA Captcha Exchange 2003

How To Add A Captcha Input To The Outlook Web Access 2003 Forms-Based Authentication Login Page

Back to Articles page

The Exchange 2003 Outlook Web Access Forms-based Authentication (FBA) mechanism is fairly secure, but some people ask if it's possible to add a Captcha image to it. I will show how it can be done with a freely available script, written by Jonathan Feaster, which is available at http://www.archreality.com/jcap/ .

Download the files and extract them from the archive. Place the files directly inside the C:\Program Files\Exchsrvr\exchweb folder:


Next, you need to locate a folder in C:\Program Files\Exchsrvr\exchweb\bin\auth\ that contains the logon.asp file used by your OWA users. Choose the folder whose name matches the abbreviated language name used by your OWA clients. For example, English-speaking users will receive the logon.asp file contained in C:\Program Files\Exchsrvr\exchweb\bin\auth\usa\ .

Before doing anything else, make a copy of the logon.asp file. Then, open it in Notepad. Press CTRL-F or F3 to do a search, and search for the text </HEAD>. It should be found about three-quarters of the way down the file. Just before the </HEAD> tag, insert the following text:

  <script type="text/javascript" language="javascript" src="/exchweb/md5.js"></script>
  <script type="text/javascript" language="javascript" src="/exchweb/jcap.js"></script>
  <script type="text/javascript" language="javascript">
  function doJcap()
    if (jcap() == true)
      { document.forms[0].action = "/exchweb/bin/auth/owaauth.dll"; return true; }
      { return false; }

The file should look something like this:


Next, press CTRL-F, and search for the text <FORM (deliberately omitting a closing bracket). Insert the following text between the word FORM and the word action :

  onsubmit="return doJcap();"

Then remove the action definition for the <FORM> tag by deleting the text that says action="/exchweb/bin/auth/owaauth.dll" . You will see another <FORM> tag a few lines further down. Make the same changes to it. This part of the page should now look like this:


Just after the second <FORM> tag, you will see a line like this:

  <% End If %>

Immediately after that line, insert the following text:

  <font color="white" size="2"><b>Enter the code as it is shown below:</b>
  <script language="javascript" type="text/javascript">sjcap()</script>
  <noscript>[This resource requires a Javascript enabled browser.]</noscript>

This part of the file now looks like this:


This will simply place the image at the top of the page with an input box directly above it. Save the logon.asp file, and close Notepad.

Next, right-click the jcap.js file, and select Edit. It should open in Notepad. On the line that begins with var imgdir you need to change the path to point underneath the exchweb folder. Change it so that the beginning of the line looks like this:

  var imgdir = "/exchweb/cimg/";

Save the file, and you're finished. The next time you open the FBA logon page, it should look something like this. Also shown is the alert message displayed if the typed text does not match the distorted text in the image.


As with most of these type of modifications, you will need to check that they still function after each product update. Sometimes your modified file will be replaced by a new one from the update.

OWA On Windows Mobile
Copyright © 2018 Lee Derbyshire. All rights reserved.