Adding Google no-captcha reCAPTCHA Validation To Your Microsoft Exchange 2013 Outlook Web App Forms-Based Authentication Logon Page
Having already written an Outlook Web App reCaptcha article for Exchange 2010, I thought I’d try it with Exchange 2013. Here are the results.
If you want to try it yourself, you’ll need to go to the reCAPTCHA site, and get a Public key and a Private key for your web site. These will be used in the code that we add to the FBA logon code.
So, first we create this additional ‘proxy’ page on our server. I put it in my C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth folder (along with the existing FBA files). I called it Recaptcha.aspx, and it has the following contents (created in Notepad). Note that you should use your own reCAPTCHA PRIVATE key where it says “6LfPH…”.
<% @ Page AspCompat=True Language = "VB" %> <% ' Put your own private key in the next line Dim strPrivateKey As String = "6LfPH..." Dim strResponse = Request("response") Dim objWinHTTP As Object objWinHTTP = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1") objWinHTTP.Open("POST", "https://www.google.com/recaptcha/api/siteverify", False) objWinHTTP.SetRequestHeader("Content-type", "application/x-www-form-urlencoded") Dim strData As String = "secret=" & strPrivateKey & _ "&response=" & strResponse objWinHTTP.Send(strData) Dim strResponseText = objWinHTTP.ResponseText Response.Write(strResponseText) %>
Next, make a backup of the logon.aspx file in the same folder, because we now need to open, and amend, it using Notepad. First, find the <form> tag by searching (using CTRL-F) for the text “<form”. When you find it, change it’s action attribute to an empty string, like this (I’m only showing the first part of the line):
<form action="" method="POST" name="logonForm" ENCTYPE=
Then, search for the text showPasswordCheck checkboxLabel. You should find it in a line that begins like this:
<div class="showPasswordCheck checkboxLabel">
Immediately after the closing </div> a few lines later, insert the following code. Again, note that instead of 6Le8H…, you should insert your own reCAPTCHA PUBLIC key:
Nearly there, now. Search for the text “clkLgn”. You’ll find it on a line that starts like this:
<div class="signInEnter"><div onclick="clkLgn()"
Change it to read
<div class="signInEnter"><div onclick="return myClkLgn()"
so that it calls our added code (above) when the user submits the form. Save the file, close Notepad, and that should be it.