W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1997

Re: Password Authentication on IIS

From: Derek Harding <derek@fusioni.com>
Date: Thu, 17 Apr 1997 09:42:09 -0700
Message-Id: <199704171642.JAA13269@rainier.tpdinc.com>
To: <www-talk@w3.org>, <christian@recro.hr>
Creating NT users for web access shouldn't cause any security problems,
however it will have limitations on the number of users. :) That said I'd
tackle it by using an ISAPI authentication filter such as this one:
http://philt.babel.fr/philt/daf20/. It will allow you to have
authentication performed against any ODBC source. Furthermore since it is
an ISAPI filter it should be pretty efficient.

Derek
---
Derek Harding
Technical Director, Fusion Interactive
http://www.fusioni.com/~derek/
__________________________________________________________________________
One day I'll be dead and THEN you'll all be sorry.
        -- Terry Pratchett, alt.fan.pratchett

 ----
From: christian@recro.hr
To: www-talk@w3.org
Date: Thursday, April 17, 1997 12:54 AM
Subject: Password Authentication on IIS

Does someone have expirience with seting up password authentication on
MS IIServer?
So far, I got to creating a user on NT server, and then including this
ASP source:
<% 
If Request.ServerVariables("LOGON_USER") = "" Then
      Response.Status = "401 access denied"
End If
%>
But creating NT server users just for web authentication could be a
serious security hole.
Is there a way to do it like on NCSA httpd?
Of course I could implement my own scripts and encryption algorithms,
but why reinvent
the wheel if someone already done it.

Tnx in advance

--
Christian Pluym
mailto:christian@recro.hr
http://www.recro.hr
Received on Thursday, 17 April 1997 12:42:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:22 GMT