Exclude OWA loginpage from SSL? 1

[swankman]

Exchange 2003 server on Windows 2003 server. OWA worked great. Installed the SSL from Verisign. OWA still works great. Only snag is - when a user calls up the login page it goes to "The page must be viewed over a secure channel".
I realise that you need to put in https:// to get the proper login screen. My question is - Can you exclude the Login page from the Secure connection? After the user logs in then have it change over to the SSL?
Thanks,
Shaun

 

[rye8261]

Someone can correct me if i am wrong but this login is the most important part for using the ssl, otherwise the password would be sent in cleartext which can be caught by any capable hacker. Using the ssl on the login will help prevent the hacker from gaining the users login info.

Maybe look into a redirection script or something to direct them to the ssl page, or if it is on a website, then change the link to the ssl login page.

 

[Sleighbor]

I added the following code to our logon page so that all the URL is redirected to

https://....

It is right at the top of the page just after all of the CONST statements.

I hope this helps!

Kevin

'***// This was added to force everyone to come in using SSL
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "

https://"

& Request.ServerVariables("SERVER_NAME")
End If

 

[swankman]

Yes SleighBor, thats exactly what I need. Now for the stupid question. Is that added to the logon.asp page or elsewhere? If to that asp page , where exactly. Tried it and it didnt work. If not where would I find the logon page that your talking about?
Thanks for your help man.
S

 

[Sleighbor]

I am pasting my entire logon.asp since I can't see how to attach a file. Save this as c:\inetpub\

http://wwwroot\logon.asp.

Kevin



<% @ ENABLESESSIONSTATE=False LANGUAGE=VBSCRIPT CODEPAGE=1252 %>
<% CONST L_LoginButton_Text = "Log On"
CONST L_WindowTitle_Text = "Microsoft Outlook Web Access"
CONST L_Alt_Text = "Microsoft Office Outlook Web Access provided by Microsoft Exchange Server 2003"
CONST L_ShowUITitle_Text = "Client"
CONST L_ShowDetail_Text = "what's this?"
CONST L_HideDetail_Text = "hide explanation"
CONST L_ShowSimpleUI_Text = "Basic"
CONST L_ShowComplexUI_Text = "Premium"
CONST L_UIDescription_Text = "The premium client provides all Outlook Web Access features."
CONST L_UIBasicDescription_Text = "The basic client provides fewer features than the premium client but offers faster performance. Use the basic client if you're on a slow connection."
CONST L_ShowTrustTitle_Text = "Security"
CONST L_ShowPublicUI_Text = "Public or shared computer"
CONST L_ShowTrustedUI_Text = "Private computer"
CONST L_PublicDescription_Text = "Select this option if you use Outlook Web Access on a public computer."
CONST L_BasicTrustDescription_Text = "Select this option if you are the only person who uses this computer."
CONST L_PremiumTrustDescription_Text = "Select this option if you are the only person who uses this computer. Your Exchange server will allow a longer period of inactivity before logging you off and your User name will be saved for future log in."
CONST L_TrustWarning_Text = "<B>Warning:</B> By selecting this option you acknowledge that the computer complies with your organization's security policy."
CONST L_Password_Text = "Password:"
CONST L_UserName_Text = "User name:"
CONST L_DialogRelogon_Text = "Your session has expired. Return to the Outlook Web Access logon page, and then log on again."
CONST L_DialogCloseButton_Text = "Close Window"
CONST L_ExpireWarning_Text = "To protect your account from unauthorized access, Outlook Web Access automatically closes its connection to your mailbox after a period of inactivity. If your session ends, refresh your browser, and then log on again."
CONST L_401User_Text = "You could not be logged on to Outlook Web Access.<br>Make sure your user name and password are correct, and then try again."
CONST L_LogoffUser_Text = "You have logged off from Outlook Web Access.<br>To log on again, type your user name and password, and then click <B>Log On</B>."
CONST L_RelogonUser_Text = "Your session has expired. To continue your work, please re-enter your domain\alias or your e-mail address and password, and then click <B>Log On</B>."
CONST L_ErrNoActiveScript1_Text = "Your Web browser is configured not to run script or doesn't support script in Web pages. Check your browser settings, or use a browser that can run script. "
CONST L_ErrorClearCerts_Text = "There has been an error removing certificates from this workstation."
CONST sGuid = "{57A118C6-2DA9-419d-BE9A-F92B0F9A418B}"
CONST sCmpGuid = "{b0f84fec-95ad-4f3e-8fc0-6bc1bbadbf0d}"
CONST Scheme_HTTPS = "

https://"

CONST Scheme_HTTP = "

http://"

'***// This was added to force everyone to come in using SSL
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "

https://"

& Request.ServerVariables("SERVER_NAME")
End If

Dim g_CurrentLocale

' Get the current locale of Server
'
' Note: Not all locales (ex FR, GER) use a period for decimal separator
' This causes vbscript errors converting strings to numeric values.
' So conversion from string to numeric should always use the en-us locale
' afterwards the locale is set back to the original value

g_CurrentLocale = GetLocale

' default to current system setting on failure to return a valid locale id
'
If (IsNull(g_CurrentLocale) Or (g_CurrentLocale = "")) Then
g_CurrentLocale = 0
End If

dim reasonCode, redirectPath,szSecure,szServer,szScheme

reasonCode = Request.QueryString("reason")
redirectPath = Request.QueryString("url")
redirectPath = Server.HTMLEncode(redirectPath)

If redirectPath = "" Then
szSecure = Request.ServerVariables("SERVER_PORT_SECURE")
szServer = Request.ServerVariables("SERVER_NAME")
szScheme = Scheme_HTTPS
If szSecure = "0" Then
szScheme = Scheme_HTTP
End If

redirectPath = szScheme & szServer & "/exchange/"
End If

Dim UserText, UserAgentText, PathInfo

UserAgentText = Request.ServerVariables("HTTP_USER_AGENT")
PathInfo = Request.ServerVariables("QUERY_STRING")

Select Case reasonCode
Case "1"
UserText = L_LogoffUser_Text
Case "2"
UserText = L_401User_Text
Case "3"
UserText = L_RelogonUser_Text
Case Else
End Select

Response.CacheControl = "no-cache"
Response.Expires = -1

Dim g_fIsSMimeCapable
Dim g_fIsMSIE5Rich
Dim g_fIsDialogRedirect
Dim g_fTrust
Dim g_sAlign
Dim g_sOpenParen
Dim g_sCloseParen

g_fIsSMimeCapable = isSMimeCapable
g_fIsMSIE5Rich = isMSIE5Rich
g_fIsDialogRedirect = isDialogRedirect

' Variable to turn display of Security on and off
'
g_fTrust = True

if isRTL Then
g_sAlign = "RTL"
g_sOpenParen = "&#x200F;("
g_sCloseParen= "&#x200F"
Else
g_sAlign = "LTR"
g_sOpenParen = "&#x200E;("
g_sCloseParen= "&#x200E"
End If

Public Function isMSIE5Rich
On Error Resume Next

dim iMSIE, szVer, rgszVer, dblVer

isMSIE5Rich = False

SetLocale("en-us")

iMSIE = InStr(1, UserAgentText, "MSIE")

If iMSIE <> 0 Then
szVer = Mid(UserAgentText, iMSIE + 5, 5)
rgszVer = Split(szVer, ";", 2)
dblVer = 0.0

If IsNumeric(rgszVer(0)) Then
dblVer = CDbl(rgszVer(0))
End If

If dblVer > 5.0 And InStr(1, UserAgentText, "Windows CE") = 0 And _
(InStr(1, UserAgentText, "OMAXML") <> 0 Or _
(InStr(1, UserAgentText, "Win") <> 0 And ( _
InStr(1, UserAgentText, "NT") <> 0 Or _
InStr(1, UserAgentText, "2000") <> 0 Or _
InStr(1, UserAgentText, "98") <> 0 Or _
InStr(1, UserAgentText, "95") <> 0 ))) Then
If Err.Number = 0 Then
isMSIE5Rich = True
End If
End If
End If
SetLocale(g_CurrentLocale)
If Err.Number <> 0 Then
Err.Clear
End If
End Function

Public Function isDialogRedirect
If((InStr(1,LCase(PathInfo),"%3fcmd=dialog")<>0) _
Or (InStr(1,LCase(PathInfo),"%3fcmd=spellcheck")<>0) _
Or ((InStr(1,LCase(PathInfo),"%3fcmd=junkemailoptions")<>0) And g_fIsMSIE5Rich) _
Or (InStr(1,LCase(PathInfo),"%3fcmd=editrule")<>0)) Then
isDialogRedirect = True
Else
isDialogRedirect = False
End If
End Function

Public Function isSMimeCapable
On Error Resume Next

isSMimeCapable = false

Dim re, matches

SetLocale("en-us")

Set re = new regexp 'Create the RegExp object
re.Pattern = "MSIE \d+.\d+"
Set matches = re.Execute(UserAgentText)

If matches.Count <> 0 Then
match = matches.Item(0)
re.Pattern = "\d+.\d+"
Set matches = re.Execute(match)

If matches.Count <> 0 Then
If IsNumeric(matches.Item(0)) Then
Dim fCapable
fCapable = (CDbl(matches.Item(0)) >= 6.0)
If Err.Number = 0 Then
isSMimeCapable = fCapable
End If
End If
End If
End If

SetLocale(g_CurrentLocale)

If Err.Number <> 0 Then
Err.Clear
End If
End Function

Public Function isRTL
Dim strAcceptLang, arLanguages
strAcceptLang = Request.ServerVariables("HTTP_ACCEPT_LANGUAGE")
arLanguages = Split(strAcceptLang, ",", 1, 1)

' If array is empty - no accept language is specified
If (UBound(arLanguages) = -1) Then
isRTL = False
Exit Function
End If

If (InStr(1, LCase(arLanguages(0)), "ar") = 1) Or _
(InStr(1, LCase(arLanguages(0)), "he") = 1) Then
isRTL = True
Else
isRTL = False
End If
End Function

Public Function GetMimeAttribs
GetMimeAttribs = ""
If g_fIsSMimeCapable Then
GetMimeAttribs = "xmlns:MSIE xmlns:MIME"
End If
End Function

Public Function GetDLGZIPVal
On Error Resume Next

GetDLGZIPVal = "0"

SetLocale("en-us")

If ( (InStr(UserAgentText, "MSIE") = 0) And InStr(UserAgentText, "Mozilla") ) Then 'its a Netscape-compatible browser
If InStr(UserAgentText, "compatible;") = 0 Then 'its probably a Netscape browser
dim intVersion
If IsNumeric( Mid( UserAgentText, InStr( UserAgentText, "/" ) + 1, 1 ) ) Then
intVersion = CInt(Mid(UserAgentText, InStr(UserAgentText, "/") + 1, 1))
If Err.Number = 0 Then
If intVersion < 5 Then
GetDLGZIPVal = "2"
End If
End If
End If
End If
End If

SetLocale(g_CurrentLocale)

If Err.Number <> 0 Then
Err.Clear
End If
End Function

%>
<!-- <%=sGuid%> -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights reserved.-->
<%
Response.Write "<HTML " & GetMimeAttribs & ">"
%>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="0">
<TITLE><%=L_WindowTitle_Text %></TITLE>
<STYLE>
BODY {font-size:70%;}
TABLE {font-size:100%}
<% If g_fIsMSIE5Rich Then %>
INPUT {font-size:100%}
<% End If %>
SELECT, INPUT, TEXTAREA, BUTTON, LABEL, BODY
{
font-family:Tahoma,Arial,Helvetica,Sans-serif;
}
a:link { color: #3D5FA3; text-decoration: none }
a:visited { color: #3D5FA3; text-decoration: none }
a:hover { text-decoration: underline }
.sideBar
{
background-image: url(/exchweb/img/logon_IE_bot.gif);
background-repeat: repeat-y;
vertical-align:left;
height:100%;
}
.logoTD
{
BORDER-TOP-WIDTH: 1px;
BORDER-LEFT-WIDTH: 1px;
PADDING-BOTTOM: 5px;
BORDER-BOTTOM: #ecbe3e 1px solid;
BORDER-RIGHT-WIDTH: 1px;
}
.mainTable
{
BORDER-RIGHT: #243760 1px solid;
BORDER-TOP: #243760 1px solid;
BORDER-LEFT: #243760 1px solid;
BORDER-BOTTOM: #243760 1px solid;
BORDER-COLLAPSE: collapse;
}
.standardTable
{
BORDER-COLLAPSE: collapse;
}
</STYLE>

<NOSCRIPT>
<TABLE id="borderTable" dir="<%=g_sAlign %>" class="standardTable" cellSpacing=0 cellPadding=0 height="100%" width="100%" bgColor="#3D5FA3" border=0>
<TR>
<TD width="25%">&nbsp;</TD>
<TD width="50%">&nbsp;</TD>
<TD width="25%">&nbsp;</TD>
</TR>
<TR>
<TD width="25%">&nbsp;</TD>
<TD width="50%">
<TABLE style="border:2px solid black;" cellpadding=0 cellspacing=0 valign="middle" align="center" BGCOLOR="#FFFFE1" border=0>
<TR><TD rowspan=3 width=20>&nbsp;&nbsp;</TD><TD>&nbsp;</TD><TD rowspan=3 width=20>&nbsp;&nbsp;</TD></TR>
<TR>
<TD>
<font color='red' size=3>
<P><%=L_ErrNoActiveScript1_Text %></P>
</font>
</TD>
</TR>
<TR><TD>&nbsp;</TD></TR>
</TABLE>
</TD>
<TD width="25%">&nbsp;</TD>
</TR>
<TR>
<TD width="25%">&nbsp;</TD>
<TD width="50%">&nbsp;</TD>
<TD width="25%">&nbsp;</TD>
</TR>
</TABLE>
</NOSCRIPT>

<% If g_fIsDialogRedirect Then %>
<SCRIPT language='JavaScript'>
function window.onload()
{
resizeDialog();
}

function resizeDialog()
{
var oBody = window.document.body;
var iHeight = oBody.scrollHeight + (parseInt(window.dialogHeight, 10) - oBody.clientHeight) + 20;
var iWidth = oBody.scrollWidth + (parseInt(window.dialogWidth, 10) - oBody.clientWidth) + 20;
window.dialogHeight = iHeight + "px";
window.dialogWidth = iWidth + "px";
window.dialogTop = Math.round((screen.availHeight - iHeight) / 2);
window.dialogLeft = Math.round((screen.availWidth - iWidth) / 2);

}
</SCRIPT>
<% End If %>
<% If (g_fIsMSIE5Rich And (g_fIsDialogRedirect = False)) Then %>
<SCRIPT language='JavaScript'>
function window.onload()
{
<% If Trim(Request.Cookies("UserName")) <> "" Then %>
logonForm.trusted[1].checked=true;
<% End If %>
<%
' If logoff and IE 6+
If ((1 = reasonCode) And g_fIsSMimeCapable) Then %>
document.execCommand("ClearAuthenticationCache", "false");
try
{
if (oClientCaps.isComponentInstalled("<%=sCmpGuid %>", "ComponentID"))
mimeLogoff.Logoff();
}
catch(e)
{
var str = "Error: " + "(" + "0x" + (hres(e.number).toString(16)) + ")";

if ((e.description!=null) && (e.description.length>0))
str += ": " + e.description;

alert("<%=L_ErrorClearCerts_Text%>\n" + str);
}
<% End If %>
logonForm.username.focus();

var fGZIPSafe = false;
<% 'Do not enable gzip for Windows .Net
If InStr(1, UserAgentText, "Windows NT 5.2") = 0 Then
%>
var nVersion = 5;
var nVerOffset = navigator.appVersion.indexOf("MSIE ");

if (nVerOffset != -1)
{
var nVerT = parseInt(navigator.appVersion.substring(nVerOffset + 5, nVerOffset + 6), 10);
if (!isNaN(nVerT))
nVersion = nVerT;
}

if (nVersion > 6)
{
fGZIPSafe = true;
}
else if (nVersion == 6)
{
var nSP = 0;
var nSPOffset = navigator.appMinorVersion.indexOf("SP");
if (nSPOffset != -1)
{
var nVerT = parseInt(navigator.appMinorVersion.substring(nSPOffset + 2, nSPOffset + 3), 10);
if (!isNaN(nVerT))
nSP = nVerT;
}

if (nSP > 1)
{
fGZIPSafe = true;
}
else
{
var re = /Q(\d+)(?/ig;
var sMinVersion = navigator.appMinorVersion;
var rgMatches = sMinVersion.match(re);
if (rgMatches != null)
{
for (i=0; i < rgMatches.length; i++)
{
var iMinVer = parseInt(rgMatches.substring(1));
if (!isNaN(iMinVer))
if (iMinVer >= 328970)
{
fGZIPSafe = true;
break;
}
}
}
}
}
<% End If 'End check for .Net %>

if (!fGZIPSafe)
logonForm["flags"].value |= 2;
}

function onClickHelp()
{
var oEvtId = window.event.srcElement.id;

switch(oEvtId)
{
case "lnkShowClient":
{
trPremium.style.display='';
trBasic.style.display='';
lnkShowClient.style.display='none';
lnkHideClient.style.display='';
lnkHideClient.focus();
break;
}
case "lnkHideClient":
{
trPremium.style.display='none';
trBasic.style.display='none';
lnkShowClient.style.display='';
lnkHideClient.style.display='none';
lnkShowClient.focus();
break;
}
case "lnkShowTrust":
{
trPublic.style.display='';
trTrusted.style.display='';
trWrn.style.display='';
lnkShowTrust.style.display='none';
lnkHideTrust.style.display='';
lnkHideTrust.focus();
break;
}
case "lnkHideTrust":
{
trPublic.style.display='none';
trTrusted.style.display='none';
lnkShowTrust.style.display='';
lnkHideTrust.style.display='none';
lnkShowTrust.focus();
showWarning();
break;
}
}
}

function showWarning()
{
var oPubDesc = document.all("trPublic");
var rdoTrustedGrp = document.all("trusted");

if (oPubDesc.style.display == "none")
{
if (rdoTrustedGrp[0].checked)
trWrn.style.display = "none";
else
trWrn.style.display = "";
}
}

function onClickSecurity()
{
var rdoTrustedGrp = document.all("trusted");
showWarning();

if (rdoTrustedGrp[0].checked)
document.forms["logonForm"].flags.value &= 11;

else
document.forms["logonForm"].flags.value |= 4;

}


function RememberMyName() {

if (document.all("trusted")[0].checked) {
Delete_Cookie("UserName","/"); }
else {
if (document.logonForm.username.length != 0) {
var days = 14; // valid two weeks from now
var today = new Date();
var zero_date = new Date(0,0,0);
today.setTime(today.getTime() - zero_date.getTime());
var todays_date = new Date(today.getYear(),today.getMonth(),today.getDate(),0,0,0);
var expires_date = new Date(todays_date.getTime() + (days * 86400000));
Set_Cookie("UserName", document.logonForm.username.value,expires_date , "/");
}
}
}


function Set_Cookie(name,value,expires,path,domain,secure) {
document.cookie = name + "=" +escape(value) +
( (expires) ? ";expires=" + expires.toGMTString() : "") +
( (path) ? ";path=" + path : "") +
( (domain) ? ";domain=" + domain : "") +
( (secure) ? ";secure" : "");
}

function Delete_Cookie(name,path,domain) {
if (Get_Cookie(name)) {
document.cookie = name + "=" +
( (path) ? ";path=" + path : "") +
( (domain) ? ";domain=" + domain : "") +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
}
}

function Get_Cookie(name) {
var start = document.cookie.indexOf(name+"=");
var len = start+name.length+1;
if ((!start) && (name != document.cookie.substring(0,name.length))) return null;
if (start == -1) return null;
var end = document.cookie.indexOf(";",len);
if (end == -1) end = document.cookie.length;
return unescape(document.cookie.substring(len,end));
}
</SCRIPT>
<% End If ' check for (g_fIsMSIE5Rich And g_fIsDialogRedirect)

' If logoff and IE 6+

If ((1 = reasonCode) And g_fIsSMimeCapable) Then
Response.Write "<STYLE>@media all{MSIE\:clientCaps {behavior:url(#default#clientcaps)}}</STYLE>" & _
"<MSIE:clientCaps id=""oClientCaps"" />" & _
"<OBJECT id=""MimeNS"" classid=""CLSID801B381-B81D-47a7-8EC4-EFC111666AC0""></OBJECT>" & _
"<?IMPORT namespace=""MIME"" implementation=#MimeNS>" & _
"<SCRIPT>function hres(iErr){return iErr + 0xffffffff + 1;}</SCRIPT>"
End If %>
</HEAD>
<% If g_fIsDialogRedirect Then %>
<BODY height="100%" scroll="no" bgcolor="#FFFFFF" text="#000000">
<TABLE dir="<%=g_sAlign %>" height="100%" width="100%" valign="middle" align="center">
<COL width="10%"><COL width="80%"><COL width="10%">
<TR>
<TD>&nbsp;</TD>
<TD>
<CENTER>
<H4 style="color:red"><%=L_DialogRelogon_Text %></H4>
<BR>
<BUTTON onclick="window.close()"><%=L_DialogCloseButton_Text %></BUTTON>
</CENTER>
</TD>
<TD>&nbsp;</TD>
</TR>
</TABLE>
</BODY>
<% Else %>
<% If g_fIsMSIE5Rich Then %>
<BODY scroll="AUTO" bgColor="#FFFFFF" text="#000000" leftMargin=0 topMargin=0>
<FORM action="/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off" onclick="javascript:RememberMyName();">
<% Else %>
<BODY scroll="AUTO" bgColor="#FFFFFF" text="#000000" onload="window.document.logonForm.username.focus()">
<FORM action="/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm" onclick="javascript:RememberMyName();">
<% End If %>
<INPUT type="hidden" name="destination" value="<%=redirectPath %>">
<INPUT type="hidden" name="flags" value="<%=GetDLGZIPVal %>">
<table cellpadding=0 cellspacing=0 border=0 width=100% background="/exchweb/images/extra.gif">
<tr>
<td valign=top><img src="/exchweb/images/popuplogo.gif">
</td></tr>
<tr><td>
<table cellpadding=0 cellspacing=0 border=0 width=100% bgcolor=white>
<tr><td>
<table cellpadding=0 cellspacing=0 border=0 width=800>

<tr>

<td colspan=2><br><br><img src="/exchweb/images/side_spacer.gif"><font face=verdana size=+1><b>Welcome to Our Company Outlook Access!</b></font><P><br> </td>
</tr>

<tr>
<td width=190><img src="/exchweb/images/side_spacer.gif"><font face=verdana color="#333333" size=+1><b>&nbsp;</b></font></td>
<td valign=top width=650>

<% If "" <> UserText Then %>
<P style="color:red"><%=UserText %></P>
<% End If %>

<TABLE id="contentTable" width="100%" height="100%" cellpadding=0 cellspacing=0 border="0" bgColor="#FFFFFF">
<TR>
<TD Colspan=4>
<font face=verdana color=red size=-1>Please note you have to sign in with your full e-mail address and password.<br></font><br>
In Example:<br>
User name: <font color=blue>john.smith@onecompany.com</font> (<font color=blue>john.smith@twocompany.com</font> for our 2nd division) <br>
Password: <font color=blue>&nbsp;&nbsp;your network password</font> <br><br>
</td></tr>

<TR>
<TD NOWRAP width="1%"><P><LABEL for="username"><%=L_UserName_Text %></LABEL></P></TD>
<TD rowspan=7>&nbsp;&nbsp;</TD>
<TD width="98%"><INPUT type="text" id="username" name="username" style="width:50%" size="25" maxlength="256" value="<%=Request.Cookies("UserName")%>"></TD>
<TD rowspan=4>&nbsp;&nbsp;</TD>
<TD width="1%">&nbsp;</TD>
</TR>
<TR>
<TD height="5"></TD>
<TD valign="top" height="5"><img title="" alt="" src="/exchweb/img/spacer.gif" width=25 height=5></TD>
<TD height=5></TD>
</TR>
<TR>
<TD NOWRAP width="1%"><P><LABEL for="password"><%=L_Password_Text %></LABEL></P></TD>
<TD width="98%"><INPUT type="password" autocomplete="off" style="width:50%" id="password" name="password" size="25" maxlength="256">&nbsp;<INPUT type="submit" value="<%=L_LoginButton_Text %>" id="SubmitCreds" name="SubmitCreds"></TD>
<TD width="1%">&nbsp</TD>
</TR>
<TR>
<TD height="12"></TD>
<TD valign="top" height="12"><img title="" alt="" src="/exchweb/img/spacer.gif" width=25 height=12></TD>
<TD height=12></TD>
</TR>
<%
If g_fIsMSIE5Rich Then
If (isRTL = False) Then
Response.Write "<TR><TD>&nbsp;</TD><TD colspan=4><TABLE cellspacing=0 cellpadding=0 border=0><TR><TD colspan=""2"" width=""100%"" style=""padding-bottom:3px;""><B>" & L_ShowUITitle_Text & "</B>&nbsp;"
Response.Write "(<A id=""lnkShowClient"" href=""#"" onclick=""onClickHelp();return false;"" >" & L_ShowDetail_Text & "</A>"
Response.Write "<A style=""display:none"" id=""lnkHideClient"" href=""#"" onclick=""onClickHelp();return false;"" >" & L_HideDetail_Text & "</A>)</TD></TR>"
Response.Write "<TR><TD colspan=""2""><TABLE cellspacing=0 cellpadding=0 ><TR><TD><INPUT id=""rdoRich"" checked type=""radio"" name=""forcedownlevel"" value=""0"" onclick=""flags.value &= 14""></TD><TD><LABEL for=""rdoRich"">" & L_ShowComplexUI_Text & "</LABEL></TD></TR>"
Response.Write "<TR id=""trPremium"" style=""display:none;""><TD style=""padding-bottom:3px;"">&nbsp;</TD><TD style=""padding-bottom:3px;"">" & L_UIDescription_Text & "</TD></TR></TABLE></TD></TR>"
Response.Write "<TR><TD colspan=""2""><TABLE cellspacing=0 cellpadding=0 ><TR><TD><INPUT id=""rdoBasic"" type=""radio"" name=""forcedownlevel"" value=""1"" onclick=""flags.value |= 1""></TD><TD><LABEL for=""rdoBasic"">" & L_ShowSimpleUI_Text & "</LABEL></TD></TR>"
Response.Write "<TR id=""trBasic"" style=""display:none;""><TD style=""padding-bottom:3px;"">&nbsp;</TD><TD style=""padding-bottom:3px;"">" & L_UIBasicDescription_Text & "</TD></TR></TABLE></TD></TR></TABLE></TD></TR>"
Response.Write "<TR><TD height=6></TD><TD colspan=4 height=6><img title="""" alt="""" src=""/exchweb/img/spacer.gif"" height=6></TD></TR>"
Else
Response.Write "<SCRIPT language=""JScript"">document.logonForm.flags.value&=14;</SCRIPT><INPUT type=""hidden"" name=""forcedownlevel"" value=""0"">"
End If
End If
If g_fTrust Then
Response.Write "<TR><TD>&nbsp;</TD><TD colspan=4><TABLE cellspacing=0 cellpadding=0 border=0><TR><TD colspan=2 width=""100%"" style=""padding-bottom:3px;""><B>" & L_ShowTrustTitle_Text & "</B>&nbsp;"
If g_fIsMSIE5Rich Then
Response.Write g_sOpenParen & "<A id=""lnkShowTrust"" href=""#"" onclick=""onClickHelp();return false;"" >" & L_ShowDetail_Text & "</A>"
Response.Write "<A style=""display:none"" id=""lnkHideTrust"" href=""#"" onclick=""onClickHelp();return false;"" >" & L_HideDetail_Text & "</A>" & g_sCloseParen & "</TD></TR>"
Response.Write "<TR><TD colspan=""2""><TABLE cellspacing=0 cellpadding=0 ><TR><TD><INPUT id=""rdoPublic"" checked type=""radio"" name=""trusted"" value=""0"" onclick=""onClickSecurity();""></TD><TD NOWRAP><LABEL for=""rdoPublic"">" & L_ShowPublicUI_Text & "</LABEL></TD></TR>"
Response.Write "<TR id=""trPublic"" style=""display:none;""><TD style=""padding-bottom:3px;"">&nbsp;</TD><TD style=""padding-bottom:3px;"">" & L_PublicDescription_Text & "</TD></TR></TABLE></TD></TR>"
Response.Write "<TR><TD colspan=""2""><TABLE cellspacing=0 cellpadding=0><TR><TD><INPUT id=""rdoTrusted"" name=""trusted"" type=""radio"" value=""4"" onclick=""onClickSecurity();""></TD><TD NOWRAP><LABEL for=""rdoTrusted"">" & L_ShowTrustedUI_Text & "</LABEL></TD></TR>"
Response.Write "<TR id=""trTrusted"" style=""display:none;""><TD style=""padding-bottom:3px;"">&nbsp;</TD><TD style=""padding-bottom:3px;"">" & L_PremiumTrustDescription_Text & "</TD></TR>"
Response.Write "<TR id=""trWrn"" style=""display:none;""><TD >&nbsp;</TD><TD><FONT color=""red"">" & L_TrustWarning_Text & "</FONT></TD></TR></TABLE></TD></TR></TABLE></TD></TR>"
Else
Response.Write "</TD></TR><TR><TD colspan=""2""><TABLE cellspacing=0 cellpadding=0><TR><TD><INPUT id=""rdoPublic"" checked type=""radio"" name=""trusted"" value=""0"" onclick=""flags.value &= 11""></TD><TD NOWRAP><LABEL for=""rdoPublic"">" & L_ShowPublicUI_Text & "</LABEL></TD></TR><TR><TD height=6><img title="""" alt="""" src=""/exchweb/img/spacer.gif"" height=6></TD><TD height=6></TD></TR>"
Response.Write "<TR id=""trPublic""><TD>&nbsp;</TD><TD>" & L_PublicDescription_Text & "</TD></TR></TABLE></TD></TR><TR><TD height=6><img title="""" alt="""" src=""/exchweb/img/spacer.gif"" height=6></TD><TD height=6></TD></TR>"
Response.Write "<TR><TD colspan=""2""><TABLE cellspacing=0 cellpadding=0><TR><TD><INPUT id=""rdoTrusted"" name=""trusted"" type=""radio"" value=""4"" onclick=""flags.value |= 4""></TD><TD NOWRAP><LABEL for=""rdoTrusted"">" & L_ShowTrustedUI_Text & "</LABEL></TD></TR><TR><TD height=6><img title="""" alt="""" src=""/exchweb/img/spacer.gif"" height=6></TD><TD height=6></TD></TR>"
Response.Write "<TR id=""trTrusted""><TD>&nbsp;</TD><TD>" & L_BasicTrustDescription_Text & "</TD></TR>"
Response.Write "<TR id=""trWrn""><TD>&nbsp;</TD><TD><FONT color=""red"">" & L_TrustWarning_Text & "</FONT></TD></TR></TABLE></TD></TR></TABLE></TD></TR>"
End If
End If
%>
</TABLE>
</td>
</tr>
<tr>
<td valign=top width=150>&nbsp;</td>
<td valign=top width=650><font face=verdana size=-1>
<P><br>
If you have any problems with your log in, <br>please call the Help Desk at
1-800-555-1234 ext. 5555.
<P><img src="/exchweb/images/logo_verisign.gif">
<p>
</font></td></tr>
</table>
</td></tr>
<tr><td>
<table cellpadding=0 cellspacing=0 border=0 width=800>

<tr colspan=3><td colspan=3>&nbsp;</td></tr>
</table>
</td></tr>
<tr><td><img src="/exchweb/images/email_spacer3.gif"></td></tr>
<tr><td>
<table width="100%" cellspacing="0" cellpadding="0" border="0" background="/exchweb/images/animationbar.gif">
<tr>
<td><img src="/exchweb/images/email_spacer2.gif" width="1" height="10" border="0" alt=""></td>
</tr>
</table>
</td></tr>
</table>
</td></tr>
</table>


<table width="95%" border=0>
<tr>
<td width="10">&nbsp;</td>
<td><%=L_ExpireWarning_Text %></td>
</tr>
</table>

<%
If g_fIsMSIE5Rich Then
Response.Write "<IFRAME src=""/exchweb/controls/preload.htm"" style=""display:none""></IFRAME>"
End If

If ((1 = reasonCode) And g_fIsSMimeCapable) Then
Response.Write "<MIME:Logoff id=""mimeLogoff"" style=""display:none"" />"
End If %>
</FORM>
</BODY>
<% End If %>
</HTML>