W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1997

Re: Password Authentication on IIS

From: Derek Harding <derek@fusioni.com>
Date: Thu, 17 Apr 1997 09:42:09 -0700
Message-Id: <199704171642.JAA13269@rainier.tpdinc.com>
To: <www-talk@w3.org>, <christian@recro.hr>
Creating NT users for web access shouldn't cause any security problems,
however it will have limitations on the number of users. :) That said I'd
tackle it by using an ISAPI authentication filter such as this one:
http://philt.babel.fr/philt/daf20/. It will allow you to have
authentication performed against any ODBC source. Furthermore since it is
an ISAPI filter it should be pretty efficient.

Derek Harding
Technical Director, Fusion Interactive
One day I'll be dead and THEN you'll all be sorry.
        -- Terry Pratchett, alt.fan.pratchett

From: christian@recro.hr
To: www-talk@w3.org
Date: Thursday, April 17, 1997 12:54 AM
Subject: Password Authentication on IIS

Does someone have expirience with seting up password authentication on
MS IIServer?
So far, I got to creating a user on NT server, and then including this
ASP source:
If Request.ServerVariables("LOGON_USER") = "" Then
      Response.Status = "401 access denied"
End If
But creating NT server users just for web authentication could be a
serious security hole.
Is there a way to do it like on NCSA httpd?
Of course I could implement my own scripts and encryption algorithms,
but why reinvent
the wheel if someone already done it.

Tnx in advance

Christian Pluym
Received on Thursday, 17 April 1997 12:42:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:33:00 UTC