To create a Google reCAPTCHA site and integrate it into Exchange Server OWA/ECP, go through the below steps:
First create a new Google reCAPTCHA site. Once we have the reCAPTCHA keys, we can integrate them into Exchange Server.
Sign in to Google reCAPTCHA and fill in the below details:
- Label: <Your Project Name>
- reCAPTCHA type: reCAPTCHA v2 – “I’m not a robot” tickbox
- Domains: (your Exchange URL) <example.com>
Check both the checkboxes:
- Accept the reCAPTCHA Terms of Service
- Send alerts to owners
Click on Submit.
Now you have 2 keys : 1. site key 2. secret key
now in your exchange server browse to folder :
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth
Create a new file with Notepad with the name recaptcha.aspx in that folder
edit with notepad and copy this code into it :
<% @ Page AspCompat=True Language = "VB" %>
<%
Dim strPrivateKey As String = "SECRET_KEY"
Dim strResponse = Request("response")
Dim objWinHTTP As Object
objWinHTTP = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
objWinHTTP.Open("POST", "https://www.google.com/recaptcha/api/siteverify", False)
objWinHTTP.SetRequestHeader("Content-type", "application/x-www-form-urlencoded")
Dim strData As String = "secret=" & strPrivateKey & "&response=" & strResponse
objWinHTTP.Send(strData)
Dim strResponseText = objWinHTTP.ResponseText
Response.Write(strResponseText)
%>
Replace “SECRET_KEY” (3rd line) with the key you have create before .
Now we need to configure the Exchange login page to use reCaptcha . First create a backup file, just in case… :
Note: The file logon.aspx will be rewritten to its original state when you install Exchange Server CU. So write down in your manual to replace the file after the CU and test that the Google reCAPTCHA works.
Look for
<form action="/owa/auth.owa"
Change this to (leave the rest of the line untouched):
<form action=""
Then in the file find :
<div onclick="clkLgn()"
Change this to :
<div onclick="myClkLgn()"
Now the Tricky part, you need to add the script in the right place, next look for :
<div><input id="passwordText"
And create few empty line, like this :
Now copy this text in this empty lines leaving one line above and one below :
<script type="text/javascript">
function myClkLgn()
{
var oReq = new XMLHttpRequest();
var sResponse = document.getElementById("g-recaptcha-response").value;
var sData = "response=" + sResponse;
oReq.open("GET", "/owa/auth/recaptcha.aspx?" + sData, false);
oReq.send(sData);
if (oReq.responseText.indexOf("true") != -1)
{
document.forms[0].action = "/owa/auth.owa";
clkLgn();
}
else
{
alert("Invalid CAPTCHA response");
}
}
</script>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="g-recaptcha" data-sitekey="SITE_KEY"></div>
Replace “SITE_KEY” with the one you got from google
Save the file ! That’s IT !!! the captcha should be visible immediately (After refreshing the page)
If this is not that case try restart the IIS by executing on command prompt as administrator
iisreset
make sure you are not confused with the keys
Good Luck