Tuesday, 2 December 2008

Customising ISA Server 2006 HTML Forms - Part 1: Simple, Consistent Form Branding

Most people at one time or another want to utilise the HTML form customisation features of ISA Server 2006 when deploying solutions, in order to provide a branded experience for end users. In addition, people often wish to 'sanitise' the text located on the form to make the form appear as generic as possible, as opposed to 'Microsoft' or 'ISA Server' branded.

Although HTML form customisation is covered well in the Microsoft document titled Customizing HTML Forms in ISA Server 2006 I thought it may be useful to share my own thoughts, findings and procedures on HTML customisation through a series of blog articles.

This is the first part in the series and provides a walkthrough of how to provide a simple and consistent brand to HTML forms. As opposed to editing the .htm code itself (as described in the Microsoft article) the approach I use is less invasive and does not require any HTML code changes at all. This has the benefit of being easily transferable between deployments (which is important for my consultancy role) and also ensures that changes can easily be removed or applied to new HTML form directories, as and when necessary. The other key benefit of this approach is that all HTML form pages will inherit the customisations, as opposed to having to edit each individual .htm file in order provide users with consistent branding or the same 'look and feel'.

Please Note: I am assuming that you have read the Microsoft article detailed above and have a general understanding of the HTML form components, structure and terminology.

If we consider the default HTML forms provided out of the box with ISA Server 2006 as a starting point, we can get a better understanding of how to modify the general look and feel of the form.

Starting with the default ISA form, this can be seen below:




If we look at the HTML code for this form (located in the logon_* files) we can break the form down into the following two key graphical components (images):

<td colspan=3><img src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=lgntop.gif" alt=""></td>

<td colspan=3><img src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=lgnbottom.gif" alt=""></td>

These are indicated in the screenshot below, highlighted in orange:



As shown in the above screenshot, the HTML form header and footer are made up of the following image files:

  • lgntop.gif
  • lgnbottom.gif

In addition to these images, a default cascading style sheet is used to define background colour, text colours etc. This style sheet is called logon_style.css

Therefore, all of the above mentioned files can be seen below highlighted in the ISA HTML form directory:



With this knowledge in hand, the simplest and most flexible option to customise the form is to merely replace these default files with customised versions which contain the required branding changes. By replacing each of these default files with each of the following customised files, we should achieve a basic level of brand customisation.

Please Note: Don't forget to restart the Microsoft Firewall service for the file changes to take effect!



Resulting in the following customised ISA default form:


Applying the same approach to the default Exchange HTML form provides similar results. However, as the default Exchange HTML forms includes an additional image in the footer, we also need to update the following file:

  • lgnexlogo.gif

Therefore, all of the above mentioned files can be seen below highlighted in the Exchange HTML form directory:



Resulting in the following customised Exchange form:


If required, my own pre-customised files (for both ISA and Exchange) which produce the above results can be downloaded from here:

Obviously, the company logo will need to be added manually, ideally using a pixel size of 500 x 115 or a very similar size.

Once the 'look and feel' has been modified, we can begin looking at the strings.txt files in order to customise the default text on the HTML form.

Please Note: There are several copies of the strings.txt file and it is necessary to edit the correct files to see your corresponding changes. The section called Form Set Directories in the Microsoft Customizing HTML Forms in ISA Server 2006 article defined above provides more detail on this concept. In summary, you often need to edit both the strings.txt located within the HTML folders and the appropriate language specific strings.txt file located within the HTML\NLS\ folder.

As described within the Microsoft article, strings are used to insert text entries into the resulting HTML forms. Of all of the strings available, I normally change the following key ones:

  • L_WindowTitle_Text
  • L_OWAWindowTitle_Text
  • L_Copyright
  • L_SecuredByISA

A quick overview of common changes is provided below:

The L_WindowTitle_Text and L_OWAWindowTitle_Text strings can be modified to change the text shown in the browser title bar, to make this company or application specific.

The L_Copyright string can be modified to change the text to reference the correct date/company and I often also use this field to add some form of legal disclaimer.

The entire Secured by Microsoft Internet Security and Acceleration Server text can be hidden by modifying this string to a single blank space e.g. " ".

These are just examples of some of the thing I do, but the strings.txt can be fully customised to meet your own personal requirements.

Bringing all this together, we now have a very clean looking form, customised and sanitised as required. The results can be seen for both ISA and Exchange below, with custom changes shown in red for clarity.



Sometimes, people also choose to modify the default Domain\user name: reference and replace this with a simpler Username: label, making it easier for users to understand when in a single domain environment.

This is very simple to achieve using the L_Username_Text string, as shown below:


Resulting in the following form:



So, as can be seen it is actually quite easy modify the default HTML forms to get a very personalised authentication form. The thing I like about this approach is that with the use of style sheet modifications combined with the use of existing image filenames, means that ALL elements of the form will inherit the same standardised 'look and feel' without requiring changes to individual .htm files. This approach also allows for the same changes to easily be applied to a new set of HTML forms, to another array member or they could be have modified by a third party or replaced as part of an ISA service pack or upgrade.

With the 'look and feel' elements covered, Part 2 of the series will show how to restructure some of the less intuitive default forms to provide a better user experience, most appropriately when using two-factor authentication solutions like RSA. More to follow...

UPDATE 05/01/09

A GUI based tool called FBA Editor has been written by Kay Sellenrode to help make some of the above described changes a little easier to achieve. The tool can be downloaded from here. Many thanks to Kay for providing the tool!

33 comments:

  1. Thanks a lot for this really handy post. I have mentioned you in my blog over at http://mossblogger.blogspot.com/.

    ReplyDelete
  2. Great article, but do you know of any way to view these HTML pages in something like Visual Studio.NET so that it's not necessary to keep deploying the files to the ISA Server and restarting the firewall just to see your changes...?

    ReplyDelete
  3. Great article explaining the editing process, I have created a freeware tool to customize the basics through a gui. please take a look at it and let me know what you think.
    the tool is called FBA editor

    On my blog i posted a demo file
    http://geekswithblogs.net/ksellenrode
    you can download it from http://blogs.platani.nl/tools/FBAEditor.exe

    ReplyDelete
  4. >> MarkRae

    I don't think this is possible as you need the firewall engine to remder the cotnent. I personally use an ISA VM in VPC to test and play with my designs and then deploy into production once tested.

    ReplyDelete
  5. Superb stuff! You should definitely contact Microsoft about this, as they have nothing like it...

    ReplyDelete
  6. >> Kay Sellenrode

    Hey Kay, I really like your tool, what a great idea!

    I will test it properly soon and provide some feedback for you!

    Thanks!!

    ReplyDelete
  7. I haven't been able to get the Title changed on the tab in IE. The tab still shows "Microsoft ISA Server 2006". Which strings is supposed to change that.

    Regards,
    Darryl

    ReplyDelete
  8. >> Darryl

    L_WindowTitle_Text or
    L_OWAWindowTitle_Text

    Make sure you restart the firewall service to see changes...

    Cheers

    JJ

    ReplyDelete
  9. Hi Jason,

    Great article - im having similar trouble (hate to admit defeat) im editing the strings.txt file but none of my changes are applied. The image files are updated ok, but just not the strings. Im editing the strings.txt in the HTML directory do i need to do anything to the HTML\nls\ directory?

    ReplyDelete
  10. >> Rob

    I put an assumption in the post that you had read MIcrosoft's article which discusses the structure of the strings.txt.

    Depending on your browser, you normally need to edit the strings.txt found in the NLS directory that applies to your appropriate language.

    The string.txt at the root of HTML is a fallback file is the browser does not define a language to use.

    Check out the article here: http://technet.microsoft.com/en-us/library/bb794733.aspx and look for the Form Set Directories section.

    Cheers

    JJ

    ReplyDelete
  11. *red faced* hmm, yeah got it working now. About 2 minutes after i posted my question, lol.

    ... Such an idiot somtimes, lol.

    Cheers mate, cant wait for the rest of the guides.

    Thanks!

    ReplyDelete
  12. >> All

    I have now added a note to the relevant section of the blog entry to make the use of strings.txt a little clearer...

    Thanks

    JJ

    ReplyDelete
  13. A great post JJ
    I have one question which I don't appear to be able to find an answer to anywhere (as of yet....I live in hope that a mind emmeasurably superior to mine has already sussed it out!)
    I'm trying to find a way in which I can add a very simple scrolling HTML Marquee script to the FBA so that users would be notified when hitting the FBA that particular services (i.e. OWA, MOSS etc) are currently available? I've been playing around with all the htm files trying to add this simple piece of code but I cannot get it to display anywhere? Out of the numerous htm files is there any specific one that requires the code and if there is, is there any specific place in which the code has to be added? i.e. Header or Body?

    Any help on this would be greatly appreciated! Even if it is even possible would be a start!

    Many thanks
    SJ

    ReplyDelete
  14. I'd strongly advise you not to even try using a marquee. They are incredibly irritating...

    ReplyDelete
  15. I understand what you're saying about the annoyance, however in this instance its for an entry point into a network, and therefore user awareness of whether certain services are up for use is imperative to minimise support calls from very inexperienced users. Once they have logged in past the FBS there won't be anymore marquee. However as a visual stimulae as opposed that which is more static it enables us to inform the user and also the set user expectation.

    Imagine someone logging on to their network via FBA where they have various sharepoint portals and owa availability? However due to "whatever" OWA access is unavailable? We would rather inform the user at the point of entry instead of having user report I can't access my email.

    So thanks for the word of warning but I was after a solution not an opinion.

    Cheers

    SJ

    ReplyDelete
  16. As a follow up to Marks comment. I do understand that marquees are irritating however how long do you sit at the ISA FBA page for?

    Not long....

    You enter your username and password and then get on with whatever it is you're trying to get on with. If there was a marquee constantly trying to grab your attention when you were accessing a portal or your email fair enough, that does get on your thrupenny bits, but when its a log on page, you're only going to be on there a matter of seconds. Its about dissemminating information at the right point?

    If you have any better ideas then please feel free to comment on other methods.

    Cheers

    SJ

    ReplyDelete
  17. >> steven

    It sounds like a good idea to me...I will have a think about the best approach and post back soon.

    Thanks for the feedback!

    P.S. I have withheld publishing your very last comment (which I assume was directed at Mark Rae) as I think it was a little unnecessary...

    ReplyDelete
  18. Pingback:

    http://forums.isaserver.org/m_2002079901/mpage_1/
    key_/tm.htm#2002079901

    ReplyDelete
  19. Does anyone know how to change the tab order for this page? I know how to change the tab order in HTML, but it seems like the ISA logon page combines quite a few HTM pages and shows you an image with pieces of each. Has anyone done this before? Thanks!

    ReplyDelete
  20. >> Anon

    Nope, sorry, not something I have looked at.

    My recent 'Part 2' article talks more about structure, so maybe this will be enough to get you started?

    Thanks

    JJ

    ReplyDelete
  21. How do you disable the 'This is a private computer' option easily? Or even better, how do you make that option NOT cache the last authenticated UserID to a client side cookie?

    ReplyDelete
  22. >> tc100years

    I provided some advice on removing the entire public/private section here: http://forums.isaserver.org/m_2002074880/mpage_1/key_hide%2cform/tm.htm#2002074883

    I will have a think about the "no cache" option, but this may be hard coded into the .dll as opposed to the code.

    If you hide the public/private option the default option of public will always be used; this should meet your needs :)

    Cheers

    JJ

    ReplyDelete
  23. >>tc100years

    It would appear that rem'ing out the following line from the 'clkLgn()' function in 'flogon.js' will do the trick:

    document.cookie = "logondata=" + sA + "&" + sL + "; expires=" + oD.toUTCString();

    Cheers

    JJ

    ReplyDelete
  24. Thanx a lot for this very usefull Article.

    Is there a way we can customize the Font/Font size and color of the characters in the Login Page, Example: In L_Copyright

    ReplyDelete
  25. >> Prakesh

    I think that type of formatting is controlled within the CSS file.

    The dev guys tell me that the font sizes are "absolute" so they cannot be changed with IE text size settings (not sure if this matters).

    Cheers

    JJ

    ReplyDelete
  26. I tried to customize our OWA FBA pages on ISA array. Exchanged all four GIFs and .css file with my customized ones on both nodes of array (in NLB) and then restarted one by one both nodes.
    Nothing had changed, I still seen previous GIFs.
    Then I tried to redirect forms on listener to another newly created directory with new customization (original files + my 5 custom ones overwriting old ones), applied configuration to array and then again restarted both nodes.
    Result - nothing has changed, I am still getting original FBA pages.
    Is there anybody who has an idea why I cannot reach it? We already used custom pages when created listeners (worked), and now we tried to update graphics - and cannot get rid of our first customization :(

    ReplyDelete
  27. Ariel Mónaco6 July 2009 21:46

    Hi Anonymous.
    If you modified the US language, try to modidy the EN language too (under the nls folder).
    I had a similar issue today and after modified it, the FBA worked fine.

    Regards,

    ReplyDelete
  28. Hey, you have a great blog here! I'm definitely going to bookmark you! Increasing your web traffic and page views Add, add your website in
    www.directory.itsolusenz.com/ site, it's pretty awesome too!

    ReplyDelete
  29. I followed your artical but after replacing the css styles file I get Internal server errr: element not found, after restoring my olf HTML directoy I still get this, if I change the form to exchange it works but the default ISA form is now broken - any idea?

    ReplyDelete
  30. >> lestat

    Did you restart the MS firewall service after putting the old CSS back?

    I've never had a problem with the CSS file before (or others to my knowledge).

    What version/build number are you running?

    Cheers

    JJ

    ReplyDelete
  31. Hi Jason, Thanks for this excellent article. I have been trying to customise the OWA login page background by inserting a jpg. I have modified the logon_style.css file as follows

    body
    {
    background-color:#0000B9;
    text-align:center;

    background-image: url(“/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=background.jpg”);
    background-repeat: repeat;
    }

    I have managed to customise other items and have manged to change the background colour but the graphic will not display. I've tried lots of combinations, restarting the firewall each time. I'm ready to give up on this. Any light that you could shed on this would be appreciated.

    Thanks
    Paul

    ReplyDelete
  32. Hi again,
    I think I've just got it to display. Instead of
    background-image: url(“/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=background.jpg”);

    I put

    background: url(“/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=background.jpg”);

    This seems to have worked. It's a bit lopsided on the browser screen. I've just got centre/stretch the image now.

    Thanks
    Paul

    ReplyDelete