Is there a secure Exchange 5.5, CDO 1.21, IIS 5.0

Results 1 to 2 of 2

Thread: Is there a secure Exchange 5.5, CDO 1.21, IIS 5.0

  1. #1
    Join Date
    Dec 1969

    Default Is there a secure Exchange 5.5, CDO 1.21, IIS 5.0

    Excuse me if this topic has been discussed before but I&#039;m new to the group.<BR><BR><BR>Here&#039;s our environment configuration:<BR><BR>***IIS 5.0 server running under local IUSR account with CDO 1.21 installed. No Outlook installed, no SMTP service running. This is the way we&#039;d like to keep it.<BR><BR>***Separate Exchange 5.5 server.<BR><BR>Our goal is to use CDO to send e-mail from a secure IIS server via the Exchange server. <BR><BR>From what I&#039;ve been able to dig up regarding the above environment configuration it is only possible to send messages with Exchange via a Windows NT domain account that Exchange is able to validate. Because our IIS machine is running under a local machine account, we are unable to use CDO to interface with the Exchange machine.<BR><BR>We&#039;ve tried to impersonate a domain user as outlined on <BR> without luck.<BR><BR>We&#039;ve also verified that setting the IIS anonymous account to use a domain account does in fact work. We believe this to be a terribly insecure configuration. Is this incorrect? Why would anyone allow an IIS box to run under an NT domain account? Are there any other options?<BR><BR>Thanks for your help,<BR><BR>Scott<BR>

  2. #2
    Join Date
    Dec 1969

    Default Basic Authentication

    You have to set Basic Authentication in IIS. It&#039;s a bit annoying having to enter your login info every time you visit the website, and it&#039;s not really secure but you don&#039;t really have any alternatives. Integrated Windows Authentication is great. Both encrypted and you don&#039;t have to enter your login info again once you&#039;re logged in to the domain. But IIS will never know your password. Because of this IIS can&#039;t connect to Exchange when it&#039;s on another server. Using Basic Authentication though sends the NT password in plain language to IIS. That way IIS can pass on the password to Exchange. Unfortunately this is the only way unless you have Exchange on the same server as IIS. Good luck.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts