CustomAuth - IIS 6.0 Resource Kit Utility on Windows-Management.com


The IIS 6.0 Resource Kit Tools help you administer, secure, and manage IIS (Internet Information Services). Use the resource kit to query log files, deploy SSL certificates, employ custom site authentication, verify permissions, troubleshoot problems, migrate your server, run stress tests, and more.


CustomAuth - Web client authentication alternative to Basic, NTLM, and other Internet Information Services (IIS) authentication methods.


CustomAuth version 1.0 provides a Web client authentication alternative to Basic, NTLM, and other Internet Information Services (IIS) authentication methods. With CustomAuth, you can create a custom logon form for collecting user credentials, or you can use or modify the logon form included with the tool. When you use CustomAuth for authentication, client credentials are retained in a cookie for the duration of the session. And because CustomAuth allows users to log off of a session manually, it is a good solution for public kiosks.


System Requirements

CustomAuth version requires the Microsoft® Windows® Server 2003 operating system.


Sample

Sample CustomAuth.ini File:
[Options]

UseBuiltInLogonPage=1

; If UseBuiltInLogonPage is set to 1 (the default), 
; CustomAuth.dll returns a built-in HTML logon page 
; to collect user credentials. If set to 0, then CustomAuth.dll 
; returns a 302 redirect to the URL specified below with LogonURL.

UseBuiltInLogoffPage=1

; If UseBuiltInLogoffPage is set to 1 (the default), CustomAuth.dll 
; returns a built-in HTML response to notify the user that 
; the log off was successful. If set to 0, then CustomAuth.dll 
; returns a 302 redirect to the URL specified below with LogoffURL.  

LogonURL=/Logon.htm

; If UseBuiltInLogonPage is set to 0, you must use LogonURL to 
; specify the URL for the page that collects credentials from 
; the user. If UseBuiltInLogonPage is set to 1, then CustomAuth
; uses the built-in logon page, and not the one specified by 
; this URL. The default value is /Logon.htm.  Note: It is 
; acceptable to use absolute URLs, such as 
; https://Myserver/Logon.htm.  

LogoffURL=/logoff.htm

; If UseBuiltInLogoffPage is set to 0, you must use LogoffURL 
; to specify the URL for the page to be returned when a user 
; logs off. If UseBuiltInLogoffPage is set to 1, then CustomAuth
; uses the built-in logoff success page and not the one 
; specified by this URL. The default value is /Logoff.htm. 
; Note: It is acceptable to use absolute URLs, such as 
; https://Myserver/Logoff.htm. 

LogonSuccessURL=/

; The LogonSuccessURL setting specifies the page to which 
; users will be directed if they are logged on successfully. 
; For this page, you should deny access to the 
; IUSR_ComputerName (Internet Guest Account). When 
; IUSR_ComputerName is denied, a failed attempt to log 
; on redirects the user back to the logon page. The default 
; value is /, which directs the user to the default page 
; of the default Web site. If you use the default setting, 
; you should ensure that the Enable default content page 
; setting is selected in the Documents tab of the default 
; Web site Properties dialog box. Note: You can use 
; absolute URLs, such as http://Myserver/Logonsuccess.htm, 
; for this setting.

LogonTimeout=1200

; The LogonTimeout setting specifies the amount of time, 
; in seconds, that a user remains logged on between requests. 
; The default value is 1200 (20 minutes). If you set 
; LogonTimeout to 0, the logon time-out feature is disabled, 
; which is not recommended. 

LogonType=Network_Cleartext

; The LogonType setting specifies the type of logon that is 
; performed when a user requests a page. The following are 
; the valid values:
;   Interactive
;   Batch
;   Network
;   Network_Cleartext
;
; The default value is Network_Cleartext. Note: You must have 
; granted the user the privileges necessary for the specified 
; logon type, or the logon attempt fails.

UseSSLForFormSubmission=1

; If UseSSLForFormSubmission is set to 1 (the default) and UseBuiltInLogonPage 
; is set to 1, then CustomAuth.dll's built-in logon form will be 
; submitted over HTTPS. If UseSSLForFormSubmission is set to 
; 0 (not recommended), then the submission is sent in plaintext. 
; If HTTPS is attempted and the server is not configured to 
; use SSL, then the form submission fails. This value is 
; ignored if UseBuiltInLogonPage is 0. 
; Note: The logon form submission is the only request 
; that contains user credentials in plaintext. It is strongly
; recommended that you require SSL. If you use a logon page 
; other than the built-in page and your server supports SSL, 
; you should use HTTPS in the FORM action of your logon page.

UseClientIpForEncryption=1

; If UseClientIpForEncryption is set to 1 (the default), 
; then CustomAuth.dll uses the client's IP address as entropy 
; when it encrypts and decrypts the credential cookie. This 
; ensures that the cookie can be used only by the client to 
; which it was originally sent. Using the client IP for 
; encryption might cause problems if clients are behind a 
; proxy array because IIS may see the same client requests as 
; coming from different IP addresses. If you set
; UseClientIpForEncryption to 0, then the cookie works from 
; any IP address. Important: If you set UseClientIpForEncryption 
; to 0, you should have a reasonably short LogonTimeout value 
; to defend against someone with a network sniffer stealing 
; and reusing the cookie.
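
The following Python script is an added example, not part of the resource kit or of the original page: it audits a CustomAuth.ini against the warnings given in the comments above. The function name, the constructed weak sample and the reading of "reasonably short" as no longer than the 1200-second default are assumptions.

```python
import configparser

# Defaults as documented in the sample CustomAuth.ini comments.
DEFAULTS = {"UseBuiltInLogonPage": "1", "LogonTimeout": "1200",
            "UseSSLForFormSubmission": "1", "UseClientIpForEncryption": "1"}
# Assumption: "reasonably short" is read as no longer than the 1200 s default.
MAX_TIMEOUT_NO_IP_BINDING = 1200

# Constructed sample with weak settings (not from the resource kit).
WEAK_SAMPLE = """[Options]
UseBuiltInLogonPage=1
UseSSLForFormSubmission=0
UseClientIpForEncryption=0
LogonTimeout=0
"""


def audit_customauth(ini_text):
    """Return (setting, finding) pairs for values the comments warn about."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    # Windows INI section names are case-insensitive; configparser's are not.
    sect = next((cp[s] for s in cp.sections() if s.lower() == "options"), {})
    get = lambda key: sect.get(key, DEFAULTS[key]).strip()
    out = []
    try:
        timeout = int(get("LogonTimeout"))
    except ValueError:
        timeout = None
        out.append(("LogonTimeout", "not an integer number of seconds"))
    if timeout == 0:
        out.append(("LogonTimeout", "time-out disabled; not recommended"))
    builtin = get("UseBuiltInLogonPage") == "1"
    if builtin and get("UseSSLForFormSubmission") == "0":
        out.append(("UseSSLForFormSubmission",
                    "built-in logon form posts credentials in plaintext"))
    if not builtin:
        out.append(("UseBuiltInLogonPage", "UseSSLForFormSubmission is ignored; "
                    "check that the custom page's FORM action uses HTTPS"))
    # Without IP binding, a missing, disabled or long time-out is flagged.
    if get("UseClientIpForEncryption") == "0" and (
            not timeout or timeout > MAX_TIMEOUT_NO_IP_BINDING):
        out.append(("UseClientIpForEncryption",
                    "cookie works from any IP and LogonTimeout is not short"))
    return out


if __name__ == "__main__":
    for setting, finding in audit_customauth(WEAK_SAMPLE):
        print(f"{setting}: {finding}")
```

Settings that are absent from the file are evaluated at their documented defaults, so an empty file produces no findings.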