Adding reCAPTCHA Validation To Your Outlook Web App 2010 Forms-Based Authentication Logon Page
I have written Outlook Web App Captcha articles before, but since I recently encountered the reCAPTCHA utility, I thought it would be an interesting exercise to see if I could somehow incorporate that into the OWA 2010 Forms-Based Authentication (FBA) logon screen (if anyone’s interested in doing it with older versions, you’ll need to let me know).
If you want to try it yourself, you’ll need to go to the reCAPTCHA site, and get a Public key and a Private key for your web site. These will be used in the code that we add to the FBA logon code.
So, first we create this additional ‘proxy’ page on our server. I put it in my C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth folder (along with the existing FBA files). I called it Recaptcha.aspx, and it has the following contents (created in Notepad). Note that you should use your own reCAPTCHA PRIVATE key where it says “6LfPH…”.
    <%@ Page AspCompat="true" Language="VB" %>
    <%
        ' Put your own private key in the next line
        Dim strPrivateKey As String = "6LfPH..."
        Dim strRemoteIP As String = "192.168.1.2"
        ' Challenge token and the user's answer, passed in by the caller
        Dim strChallenge = Request("challenge")
        Dim strResponse = Request("response")

        Dim objWinHTTP As Object
        objWinHTTP = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
        objWinHTTP.Open("POST", "http://www.google.com/recaptcha/api/verify", False)
        objWinHTTP.SetRequestHeader("Content-type", "application/x-www-form-urlencoded")

        ' URL-encode every value so that characters such as & and = in the
        ' submitted data cannot alter the form-encoded request body
        Dim strData As String = "privatekey=" & Server.UrlEncode(strPrivateKey) & _
            "&remoteip=" & Server.UrlEncode(strRemoteIP) & _
            "&challenge=" & Server.UrlEncode(strChallenge) & _
            "&response=" & Server.UrlEncode(strResponse)
        objWinHTTP.Send(strData)

        ' Relay the verification result back to the caller
        Dim strResponseText = objWinHTTP.ResponseText
        Response.Write(strResponseText)
    %>
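Why the values in the verify POST body need URL-encoding, shown as an added JavaScript example (not code from the original article). The helper names and all sample values are constructed, and URLSearchParams stands in for a form-decoding server.

```javascript
// Naive concatenation: values are joined into the body exactly as received.
function buildBodyNaive(fields) {
  return Object.entries(fields).map(([k, v]) => k + "=" + v).join("&");
}

// Encoded form: URLSearchParams percent-encodes every name and value.
function buildBodyEncoded(fields) {
  return new URLSearchParams(fields).toString();
}

// Decode a body the way a form parser would, keeping every occurrence
// of each name so that duplicated fields stay visible.
function parseBody(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) {
    (out[k] = out[k] || []).push(v);
  }
  return out;
}

// True only if the body decodes back to exactly the fields we meant to send:
// same names, one value each, values unchanged.
function roundTrips(body, fields) {
  const parsed = parseBody(body);
  const names = Object.keys(fields);
  return Object.keys(parsed).length === names.length &&
    names.every((k) => parsed[k] && parsed[k].length === 1 &&
                       parsed[k][0] === fields[k]);
}

// Constructed sample input. "challenge" and "response" come from the browser.
const fields = {
  privatekey: "PRIVATE_KEY_PLACEHOLDER",
  remoteip: "192.168.1.2",
  challenge: "constructed-challenge-token",
  response: "two words&remoteip=10.0.0.1", // typed answer containing & and =
};

const naive = buildBodyNaive(fields);
const encoded = buildBodyEncoded(fields);

console.log("naive body round-trips:  ", roundTrips(naive, fields));
console.log("naive decoded fields:    ", parseBody(naive));
console.log("encoded body round-trips:", roundTrips(encoded, fields));
```
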
Note that Google currently seem to accept anything in that remoteip value.

Next, make a backup of the logon.aspx file in the same folder, because we now need to open, and amend, it using Notepad. First, find the <form> tag by searching (using CTRL-F) for text “<form”. When you find it, change its action attribute to an empty string, like this (I’m only showing the first part of the line):
    <form action="" method="POST" name="logonForm" ENCTYPE=

Then, search for the text basicExplanationContent. You should find it in a block like this:

    <td><%=basicExplanationContent %></td>
    </tr>
    <% } %>
    </table>
    </td>
    </tr>
    <% } %>
    <tr><td><hr></td></tr>
Immediately after that last line, insert the following code. Again, note that instead of 6LfPH…, you should insert your own reCAPTCHA PUBLIC key:
Nearly there, now. Search for the text “clkLgn”. You’ll find it on a line that ends like this:
(Strings.IDs.LogOn) %>" onclick="clkLgn()"
Change it to read
(Strings.IDs.LogOn) %>" onclick="myClkLgn()"
so that it calls our added code (above) when the user submits the form. Save the file, close Notepad, and that should be it. Your FBA logon page should now look like this: