ISAPI authentication filter


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

In this article the Microsoft SDK ISAPI authentication filter sample was rewrited using MFC ISAPI classes. The filter's funcionality remains exactly the same, the purpose of the article is to demonstrate the use of the MFC ISAPI classes to write filters. Note that this authentication filter is not the most trivial sample, it provides pretty serious functionality (Microsoft refers to it as "A Filter for Advanced Authentication"). The filter functionality is described below using an excerption of Microsoft documentation.

"AuthFilt demonstrates how to write an authentication filter based on an external datasource. Authentication is the process of accepting or denying a request from a client, so AuthFilt will be notified each time an authentication request comes in. This sample uses a file (userdb.txt) to keep track of authorized users, but you might modify this sample to access a database which holds user info.

For each authentication request, AuthFilt first looks in a cache of recently authenticated users, and when that fails, AuthFilt looks in the userdb.txt file. This shows an efficient way to authorize connections: a cache allows the filter to quickly authenticate users, and because each request comes in through the filter, speed is critical."

The project is a standard appwizard generated ISAPI filter. The global functions of the AuthFilt Microsoft sample were encapsulated in the filter class. There are 3 parameters that can be changed to fine tune the filter: the maximum number of cached users, the position after which a cached entry will be moved to the front of the list (to make the search time shorter!) and the name of the file that contains the username/password pairs and the appropriate NT account the username/password should be mapped to. All this parameters are #define directives in the authflit.h header file.

The filter could be improved in several ways: using a database instead of a file for authentication information (you should consider using stored procedures to search and/or to cache!), load parameters from registry, automatic selection of the number of cached users and the list reorder parameter, etc.

The full source code is provided, you will have to compile it in order to get a working filter. Once you have compiled the project you will need to take the following steps to install:

  1. Run REGEDT32.EXE and modify the server's registry as follows. Select the Filter DLLs key in HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Parameters. Add a local path to authfilt.dll, usually C:\WinNT\System32\InetSrv\authfilt.dll. The filter entries are separated by commas. The order is important, if you have other authentication filter with the same priority, the first one listed will receive the authentication request.
  2. Copy the authfilt.dll file to the directory you specified in the registry.
  3. Make sure the System account have execute rights on the filter dll file.
  4. Edit the userdb.txt file so it contains valid users and passwords. The format of the file is:
    User1:Password1, NTUser1:NTPassword1
    User2:Password2, NTUser2:NTPassword2
    User3:Password3, NTUser3:NTPassword3
  5. Copy the userdb.txt file to the directory you specified in the authfilt.h header file for the user database.
  6. Make sure the System account have read rights on the userdb.txt file.
  7. Restart the WWW service.

Download Source Code

Last updated: 31 October 1998


  • How to send request to Http Ext

    Posted by Legacy on 03/19/2003 08:00am

    Originally posted by: Azhar

    How can i send data from my VC application as we can send through web browser.
    Please Help me out

  • Isapi Filter Logon page

    Posted by Legacy on 10/31/2002 08:00am

    Originally posted by: Steven


    I was able to get the AuthFilter working fine with validating a user against a database and mapping to an NT account (Windows 2000).

    I was wondering if anyone knows how to replace the popup window for the username and password (Basic authentication) with a standard HTML web page?

    Thank you for any suggestions.


  • Setting REMOTE_USER

    Posted by Legacy on 08/27/2002 07:00am

    Originally posted by: ballya

    Hi Friends,
    I am developing a custom authentication filter. I don't want to use Basic or NT Challenge/Response authentication scheme.
    After successful authentication, I need to set the REMOTE_USER server variable, so that the Web Application may use it.
    How can I achieve this from the Callback functions OnPreprocHeaders or OnAuthentication ? (or other?)

    I am using MFC to create the Filter.

    Can anybody help me?

  • what's mean?

    Posted by Legacy on 01/16/2002 08:00am

    Originally posted by: cxd

    Add a local path to authfilt.dll, usually C:\WinNT\System32\InetSrv\authfilt.dll. The filter entries are separated by commas


    Posted by Legacy on 12/19/2001 08:00am

    Originally posted by: senthilkumarrajagopal@csc.com

    Do anybody have an idea how to trap the STATUS_PASSWORD_EXPIRED Error code in an ISAPI Filter.


  • doubt on isapi

    Posted by Legacy on 11/25/2001 08:00am

    Originally posted by: jeyasaravanan

    Currently i am doing a project of Developing a New Scripting language like
    Active Server PAges(ASP).
    I am planning to implement some intrinsic functions like looping,conditional checking,printing statements as like in ASP.
    I am using Visual C++ for doing my project as it has got some readymade classes which help for it.
    After this I am planning to provide a server which will understand this scripting language and display as a web page.

    Kindly send me any source code if you can get it regarding my project at the earliest.

    My Scripting Language has statements which follows the 'C' style

    So the problem for me is like i am trying this new concept and i need your help in doing my Project.
    Kindlly reply at the earliest.

    Kindly send me any source code if you can get it regarding my project
    yours faithfully
    ( rkjs1@yahoo.com )

    software requirements : Windows NT with server with OPTION PACK 4 AND VC++(Version 6)

  • Gives Erro :The specified procedure could not be found

    Posted by Legacy on 09/13/2001 07:00am

    Originally posted by: Shahzad

    hi ,
    I m using this filter for Authenticating the user while trying to access a .jpg file.
    I have set the security level for .jpg file as Basic Authentication.The filer authnticates the user with UserBd.txt file.but after authenticating it should show the .jpg file, but instead it gives an Erro:
    The specified procedure could not be found

    Do help me out if anyone can.
    Thanks n regards,

  • Authentication problem

    Posted by Legacy on 06/09/2001 07:00am

    Originally posted by: Tushar Desai

    Hello !
    i have tested your isapi filter, but it dont work with my winNT4.0 amd iis 4.0.
    i have enabled 'basic' authentication scheme.

    i put small code for writing in text file, under the 'onAuthenticate' function, but the text file was also not created ???
    i want to know ,what is the problem ???

    i have also developed one Authentication filter, but i am not getting the username and password of client.
    for checking purpose i have also tried out for writing the username and password value in text file, but, it is blank over there!
    this filter called for mainly two times, i have also noticed that, sometimes this filter calls for four or five times !!i come to know this, by just appending the message to the same text file.
    why, this is happening ?
    plz, Help me !!

    i am waiting for good help ! thanks !
    Bye !
    -Tushar Desai

  • ISAPI Authentication Filter

    Posted by Legacy on 06/04/2001 07:00am

    Originally posted by: Barb Kellerbauer

    I too am experiencing intermittent problems after moving to Windows 2000 IIS version 5.0.

    Any suggestions would be greatly appreciated.


    Barb Kellerbauer

  • the problem to apply to Windows 2000 server

    Posted by Legacy on 04/20/2001 07:00am

    Originally posted by: Bumkyu Kim


    I am Bumkyu Kim for Hunter Tech in Korea.

    When I applled to Windows NT Server 4.0 this filter,
    I had'nt special problem.

    But, as for Windows 2000, this filter did not operate.

    Help me Please. Thank you....

  • Loading, Please Wait ...

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date