When you do an anonymous POST to the “exchange” virtual folder, the response tells you which authentication protocols are supported. Each “WWW-Authenticate:” header in the response names one supported authentication method. If you get back a 440 Login Timeout with no “WWW-Authenticate:” headers but you do get back “Set-Cookie:” headers, then FBA (forms-based authentication) is likely on. If you get back a 401 Unauthorized and “WWW-Authenticate:” headers, then FBA is off. If you get back a 500 error, then there is probably no authentication enabled (i.e. just Anonymous authentication is on). FBA is an override to the other authentication methods. The same check of the “WWW-Authenticate:” headers can be used to check authentication when any other Web API is used, such as EWS and EAS (Exchange Server ActiveSync).
If you do an anonymous OPTIONS request such as the following:
OPTIONS https://127.0.0.1/exchange HTTP/1.1
User-Agent: Fiddler
Host: 127.0.0.1
Translate: F
With FBA Enabled you will get back this:
HTTP/1.1 440 Login Timeout
Content-Length: 43
Content-Type: text/html
Set-Cookie: sessionid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: cadata=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Date: Tue, 20 Sep 2011 23:15:08 GMT

<HTML><BODY>440 Login Timeout</BODY></HTML>
With FBA not enabled you will get back this:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="127.0.0.1"
X-Powered-By: ASP.NET
Date: Tue, 20 Sep 2011 23:20:15 GMT
Content-Length: 6283
Proxy-Support: Session-Based-Authentication
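The decision rules described above can be applied mechanically to a raw response captured from your own server. The following Python is an added example, not code from the original post: the function names are hypothetical, the 440 and 401 samples are trimmed copies of the responses shown above, and the 500 sample is constructed.

```python
# Added example (not from the original post): apply the post's decision
# rules to a raw HTTP response captured from your own server.

def parse_response(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    head = raw.replace("\r\n", "\n").strip().partition("\n\n")[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])          # "HTTP/1.1 440 Login Timeout"
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def classify(raw):
    """Return (verdict, offered WWW-Authenticate schemes)."""
    status, headers = parse_response(raw)
    schemes = [v.split()[0] for n, v in headers
               if n == "www-authenticate" and v]
    has_cookie = any(n == "set-cookie" for n, _ in headers)
    if status == 440 and not schemes and has_cookie:
        return "FBA likely on", schemes
    if status == 401 and schemes:
        return "FBA off", schemes
    if status == 500:
        return "probably anonymous only", schemes
    return "undetermined", schemes

# Trimmed copies of the two responses shown in the post.
FBA_ON = """HTTP/1.1 440 Login Timeout
Content-Type: text/html
Set-Cookie: sessionid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: cadata=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT

<HTML><BODY>440 Login Timeout</BODY></HTML>"""
FBA_OFF = """HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="127.0.0.1"
Content-Length: 6283"""
# Constructed sample for the 500 case (no such response appears in the post).
ERROR_500 = """HTTP/1.1 500 Internal Server Error
Content-Length: 0"""

if __name__ == "__main__":
    for label, raw in (("440", FBA_ON), ("401", FBA_OFF), ("500", ERROR_500)):
        print(label, classify(raw))
```

Any response that does not match one of the three rules is reported as "undetermined" rather than guessed at.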
Here are some tools which you might find helpful for doing a POST:
HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
http://support.microsoft.com/kb/284285
Note that Fiddler is not a Microsoft product, so we cannot endorse it. However, it is used here at MS quite a bit in Support. This tool can both capture traces and issue/re-issue POST. The RAW tabs are useful for seeing the actual requests and responses.