Click here to Skip to main content
Click here to Skip to main content

Tagged as

ISAPI authentication filter

, 6 Dec 1999 CPOL
Rate this:
Please Sign up or sign in to vote.
This article demonstrates the use of the MFC ISAPI classes to write filters.

In this article the Microsoft SDK ISAPI authentication filter sample was rewritten using MFC ISAPI classes. The filter's funcionality remains exactly the same, the purpose of the article is to demonstrate the use of the MFC ISAPI classes to write filters. Note that this authentication filter is not the most trivial sample, it provides pretty serious functionality (Microsoft refers to it as "A Filter for Advanced Authentication"). The filter functionality is described below using an excerption of Microsoft documentation.

"AuthFilt demonstrates how to write an authentication filter based on an external datasource. Authentication is the process of accepting or denying a request from a client, so AuthFilt will be notified each time an authentication request comes in. This sample uses a file (userdb.txt) to keep track of authorized users, but you might modify this sample to access a database which holds user info.

For each authentication request, AuthFilt first looks in a cache of recently authenticated users, and when that fails, AuthFilt looks in the userdb.txt file. This shows an efficient way to authorize connections: a cache allows the filter to quickly authenticate users, and because each request comes in through the filter, speed is critical."

The project is a standard appwizard generated ISAPI filter. The global functions of the AuthFilt Microsoft sample were encapsulated in the filter class. There are 3 parameters that can be changed to fine tune the filter: the maximum number of cached users, the position after which a cached entry will be moved to the front of the list (to make the search time shorter!) and the name of the file that contains the username/password pairs and the appropriate NT account the username/password should be mapped to. All this parameters are #define directives in the authflit.h header file.

The filter could be improved in several ways: using a database instead of a file for authentication information (you should consider using stored procedures to search and/or to cache!), load parameters from registry, automatic selection of the number of cached users and the list reorder parameter, etc.

The full source code is provided, you will have to compile it in order to get a working filter. Once you have compiled the project you will need to take the following steps to install:

  1. Run REGEDT32.EXE and modify the server's registry as follows. Select the Filter DLLs key in HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Parameters. Add a local path to authfilt.dll, usually C:\WinNT\System32\InetSrv\authfilt.dll. The filter entries are separated by commas. The order is important, if you have other authentication filter with the same priority, the first one listed will receive the authentication request.
  2. Copy the authfilt.dll file to the directory you specified in the registry.
  3. Make sure the System account have execute rights on the filter dll file.
  4. Edit the userdb.txt file so it contains valid users and passwords. The format of the file is:
    User1:Password1, NTUser1:NTPassword1
    User2:Password2, NTUser2:NTPassword2
    User3:Password3, NTUser3:NTPassword3
  5. Copy the userdb.txt file to the directory you specified in the authfilt.h header file for the user database.
  6. Make sure the System account have read rights on the userdb.txt file.
  7. Restart the WWW service.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

No Biography provided

Comments and Discussions

QuestionISAPI Development Question PinmemberFranklinIssac11-Jun-08 9:13 

I am new to this Forum and this is my first message i am posting. Apologies, if i am doing anything wrong - wrong post, wrong topic or something of that kind. Direct me to the right place, in case this is not. Tx

My question is - What is the programming language recommended for a good ISAPI filter application ?

My requirements include building an ISAPI filter for authentication towards LDAP for any O/S and any webservers. Have got some details about how to develop an ISAPI filter for Windows & IIS from the previous articles. But cant assess if the filter developed in VC++ will work for Apache running on unix/linux. The filter must be compatible across platforms - Webservers & O/S.

Any help would be greatly appreciated.

QuestionISAPI for Windows 2003 Server IIS Service not work !? Pinmemberjackie hsu18-Mar-08 19:04 
AnswerRe: ISAPI for Windows 2003 Server IIS Service not work !? Pinmembershanhe24-Aug-09 5:23 
GeneralISAPI authentication filter problem Pinmemberimazing1039-Dec-07 20:35 
GeneralISAPI on ISA Server PinmemberLeoNicolas15-Mar-05 7:01 
GeneralISAPI filter for Windows Shared Services PinmemberSarma Pisapati25-Sep-04 3:10 
QuestionGetting client IP address in ISAPI filters? Pinmembergtyhf8-Jul-04 21:32 
GeneralGetting Session ID without using cookies. Pinmembergtyhf8-Jul-04 21:26 
GeneralRe: Getting Session ID without using cookies. PinmemberGumba14-Sep-04 21:28 
GeneralCannot execute PinsussAnonymous7-Apr-04 23:36 
QuestionHow to use this?? Pinmemberalan9325-Aug-03 13:25 
GeneralProject compiled in VC++.NET is not working PinmemberUdhaya Moorthi5-Aug-03 21:16 
GeneralRe: Project compiled in VC++.NET is not working Pinmemberslimtim25-Nov-03 14:15 
Questionuser/password not being passed?? Pinmemberhanzhanquan2002atyahoocomcn20-Mar-03 17:03 
QuestionHow can I activate this filter!! Pinmembersayhappy2-Dec-02 22:02 
AnswerRe: How can I activate this filter!! Pinmemberhanzhanquan2002atyahoocomcn20-Mar-03 17:11 
GeneralConcurrency issues with the IIS Log PinmemberAnonymous16-Oct-02 12:53 
GeneralGetting IIS 5 SessionID vai ISAPI Filter PinmemberAjith de Silva19-May-02 23:00 
GeneralRe: Getting IIS 5 SessionID vai ISAPI Filter PinsussTaliesin13-Sep-02 22:04 
QuestionWinNT account from ISAPI????? PinmemberJesse20027-May-02 16:43 
QuestionISAPI filter sends HTTP client call? Pinmemberthorsten25-Apr-02 22:20 
GeneralUser not being passed PinmemberGerard Nicol19-Mar-02 17:06 
GeneralRe: User not being passed Pinmemberhanzhanquan2002atyahoocomcn20-Mar-03 16:35 
GeneralRe: User not being passed PinmemberMuhammad Asim Sajjad25-Sep-07 23:29 
GeneralInstall of ISAPI Filter PinmemberAnonymous6-Feb-02 12:58 
GeneralForm based authentication PinmemberBob Cowdery5-Feb-02 23:33 
GeneralRe: Form based authentication PinmemberBob Cowdery6-Feb-02 3:18 
GeneralIIS Filter & Cookie PinmemberAnonymous18-Oct-01 8:31 
Generalcache PinmemberAnonymous18-Oct-01 4:37 
GeneralRe: cache PinmemberAnonymous16-Oct-02 12:21 
GeneralAuthfilt.dll & IIS problem PinmemberAnonymous21-Sep-01 12:13 
GeneralRe: Authfilt.dll & IIS problem PinmemberAnonymous12-Jun-02 11:18 
Questionisapi filter ? Pinmemberyatch8-Aug-01 16:36 
AnswerRe: isapi filter ? PinmemberRajendrappa9-Sep-01 19:47 
GeneralDistributing SSL cert's PinmemberAnonymous11-Jun-01 11:12 
GeneralCan't get it to work PinmemberAnonymous7-Jun-01 4:50 
GeneralRe: Can't get it to work PinmemberThatInstant12-Dec-03 9:46 
GeneralIs it possible One directory, one diferent ACL? (as Apache) PinmemberRafa23-Feb-01 3:02 
GeneralRe: Is it possible One directory, one diferent ACL? (as Apache) PinmemberAnonymous9-Oct-01 3:55 
GeneralAuthentication from database PinsussBill Robinson28-Jul-00 11:55 
GeneralRe: Authentication from database PinmemberTom de Grunt5-Feb-01 1:00 
GeneralRe: Authentication from database PinmemberTaliesin14-Apr-02 21:01 
QuestionWhy map to NT account? PinsussScott4-Jul-00 21:24 
AnswerRe: Why map to NT account? PinmemberAnonymous25-Jan-01 16:24 
GeneralRe: Why map to NT account? PinmemberDaniele Speziale21-Feb-01 22:49 
GeneralRe: Why map to NT account? PinmemberAnonymous17-Apr-01 4:43 
Generalauthentication with LDAP Pinsussdaniele speziale6-Jun-00 22:13 
GeneralRe: authentication with LDAP PinmemberAnonymous5-Sep-01 14:13 
GeneralRe: authentication with LDAP PinmemberJim Willeke13-Apr-02 2:12 
GeneralRe: authentication with LDAP PinmemberPaoloM14-May-02 6:37 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150414.1 | Last Updated 7 Dec 1999
Article Copyright 1999 by Jorge Lodos
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid