Inside my ASP.NET application, I would like to add an iframe where I can display the emails from our exchange server for the logged in user. The web application uses forms authentication with custom authentication (passwords are hashed and stored in db).
Is there a way to show OWA within my web app without prompting the user for password (OWA uses windows authentication)? Can I use impersonation in some fashion or establish a trust between my IIS server and the server running OWA?
Has anyone tried this before?
If you are using an iframe for that, then it is a separate process in terms of authentication. Requests from the iframe are sent to OWA server just as you had opened the page in full screen.
However, it is possible to configure your Exchange server to allow windows authentication, see here: http://support.microsoft.com/kb/300656
This way you will authenticate with windows forms authentication to your web application and with windows auth to the OWA server.