Active Directory Independence

The native digest authentication mechanism as shipped with IIS requires that the IIS server be a member server in an active directory domain to have digest authentication enabled as an option. Implementing and maintaining active directory is a complex undertaking. Additionally, it can be a security risk if proper precautions are not observed. This is in addition to the requirement to store the passwords using reversible encryption. Finally, accessing the active directory data store from a web application can be problematic.

The secure isapi authentication filter described here is an alternative means of achieving digest authentication in a manner which is totally independent of active directory. It also adds defensive capabilities which are not offered in the native implementation.

Its permanent user data store is based on standard sql databases which are easily accessed and modified by web applications. The permanent data store is easily accessed, modified and extended by using standard sql programming techniques.

It has been noted by industry analysts that the use of third party authentication software relieves a licensee from the obligation to purchase additional client access licenses for use by authenticated clients on IIS servers. For some sites, this translates to major cost savings while remaining fully compliant with licensing obligations.


Basic and Digest Authentication Interoperability
Isapi Authentication Filter
table of contents
full printable document





password protection ...
... industrial strength
distributed password protection
iis basic authentication
iis digest authentication

copyright(c) 2003
all rights reserved

design -