Hacking OWA in Exchange Server 2007

Something has been on my mind for quite a while. I’d spent hours trawling the net trying to find the answers to my questions but to no avail.

My problem? I’ve just rolled out Exchange Server 2007 at my employer for around 1000 users. We need a mail signature template for all our users and the solutions I’ve been looking at thus far are aren’t up to par.

From what I’ve seen so far, many are implemented as transport agents and append a signature to a message when it first hits the mail server, so after the user has clicked their send button in either OWA, Outlook, or other mail client. It seems counter intuitive to click the send button and only then have the message signature be appended to the message.

So I started doing what it is I normally do when I can’t find an off-the-shelf solution – I make something. I wrote a script that I can now assign as a login script for my users to set their Outlook mail signature when they log in. But what about those who still use OWA?

OWA is actually just a bunch of ASP.NET pages in the “Program Files\ExchangeServer\ClientAccess\OWA” folder on your Exchange Client Access server.

Now there are two flavours to OWA, the “premium” and the “basic” versions. Each version consists of a collection of forms (ASPX pages) which you can easily modify to suit your needs.

So to set a signature on all new messages I made some changes to the editmessages.aspx page in

Program Files\Microsoft\Exchange Server\ClientAccess\OWA\forms\premium

A note of caution: before making any changes, take a backup of the entire OWA folder.

To be brief I added a couple of lines to the end of this file that creates a hidden IFRAME element that loads a page in another location which contains some JavaScript to modify the content of the message body.

<iframe style="visibility:hidden; position: absolute; left: 0px; top: 0px;" id="ifr_ajax_sig"></iframe>

<script language="javascript">

document.getElementById('ifr_ajax_sig').src = '/signature/signature.aspx?un=<%=UserContext.MailboxIdentity.GetLogonName().Replace("\\", "\\\\") %>';

</script>

Your modifications may depend on having access to user specific fields, for example, the mailbox identity (e.g. Domain\Username). The UserContext class contains a whole lot of info relating to the current session and you can call on it from your own code as I have done above.

Despite the lack of documentation on modifying Outlook Web Access, it turns out its not all that hard.