newObjects (fromerly known as ZmeY soft) ISAPI Authenticator light
Home Products Development
pixel.gif (49 bytes)
Home
Products by category
ALP area
ISAPI filters
ActiveX
Forums (discussions)
Articles and samples
Buy
Code snippets
A little help
ACOMTools

Read more ...
Click here
ALP is implemented as an Asynchronous Pluggable Protocol. It acts like a WEB server but without need of network. It executes WEB applications such as ASP pages and CGI applications. ALP makes Internet Explorer to be server and client. With ALP you can write stand-alone desktop applications, CD-ROM autoruns, use ASP for pure desktop software and still keep your code ready to run on WEB servers too.
Write desktop software in ASP and CGI!
download it


ASP Focus

Site navigation
Products
ISAPI Filters and WEB Applications

Licensing types legend
(M) Single machine license
(U) Unlimited per-company license
(D) Unlimited development license
(S) Special type of licensing

TotalASP.co.uk

Quick contact
General
zmeyinc@newobjects.com
Support
support@newobjects.com
Sales
sales@newobjects.com

Web development portal

Active visitors
3
Suggested links
Suggest this page to the other visitors. Click the button below to place this page in the list above .

 ISAPI Authenticator light   
Price: $40(M) $100(D) Discount for resalers 40% discount
Information Download Buy
New version - 1.51 !
ISAPI custom authentication filter
Sample installation
Frequently Asked Questions
Download demo now!
Buy from RegNet (per-machine license)
Buy from RegNet (developer license)

Sample installation

- Supose that you have server that answers on the one IP - for example 1.1.1.1
- You created directory c:\hosting as root of customers' sites

Then you have created two virtual sites for your customers:

  • Site1 - placed in the subtree of c:\hosting\site1 and answering only on http://www.site1.com
  • Site2 - placed in the subtree of c:\hosting\site2 and answering only on http://www.site2.com

To do so in the MMC you was created these two sites by choosing "new site" and then editing properties - Site identification to set sites to answer on port 80 and host www.site1.com , www.site2.com respectively (Button "Advanced" on WEB site tab).

Then you are going to install filter and give to the site1 and site2 owners ability to manage its own authorities for user access.

To install filter you create directory c:\ISAPIFILTERS and give acces only for you and system to this directory. Then you must copy authenticator1.dll to this directory and go to the general WWW properties in the MMC (Microsoft Management Console). In the ISAPI filters tab you must install the filter (see usage and installation for details).

Then you created directory c:\authconfig and make it accessible for system, you and site1 and site2 owners. Then you must copy empty configuration file AUTH.CFG here.

Now you create special directory c:\webadmintools and restrict access to it only for you )and potential additional administrators). Copy here the AUTHADMINCGI.EXE and share this directory in the Administration WEB site as virtual directory - for example /webadmin

Then using your browser you are going to the admin site http:/1.1.1.1:some_port/webadmin/AUTHADMINCGI.EXE (see IIS configuration to determine port) and continue with configuration:

  •   Admin tool will generate an error that means that no configuration was specified - enter path to it (c:\authconfig\auth.cfg) and continue.
  • In the general options enter your serial number

Now minimal configuration required by filter was set and you must define what it will do with sites. While nothing else was specified it will pass all requests through (to IIS and NT security) i.e. no change of default behaviuor.

  • Now you must create two authorities - Authority1 and Authority2.
  • Add two bindings:
    for www.site1.com to Authority1 and for www.site2.com to Authority2
  • Create one user in every authority with the same name as site owners are registeres in the NT user manager - for example User1 and User2 and specify do not map in their accounts - filter will pass them through.
  • Create several users that will be used for mapping of the authenticated users and restrict access to the subdirectories of the hosted sites as their owners wish using newly created users.
  • Create directory c:\hostingtools for example and make it avalable in site1 and site2 as virtual directory - for example /authadmin. This directory must be accessible for USer1 and User2 but it must not be accessible for other users (except administrators of course)
  • Instruct User1 and User2 how to use these tools and to not change MapTo flag for their own accounts (It is possible to exist more than one owner of one site)

Now User1 and User2 are able to add/delete/change users in their authorities using /authadmin/AUTHMANCUSTOMERCGI.EXE directory in their sites. Tool will automaticaly determine bindings and expose only bundled authority to them.

What filter will restrict depends on security in site1 and site2 subtrees. Using created for mapping purposes users you can make some subdirectories accessible for users mapped to one and not accessible to users mapped to another. You can these specialy created users as groups for the Authenticator filter. There is no problem to leave some directories accessible for the world. Another recommended task is to set IIS to accept clear text authentication on these sites. Filter will not cause problems itself but browsers like Netscape do not support NT chalenge response authentication and in the other hand this type of authentication drives IE to try with local username and password (hash) first.

 





Copyright newObjects (ZmeY soft) 2001