Hi all

Is it achievable to use an application login to bypass the Basic
authentication prompt?  Via ISAPI?

Thanks in advance!

Regards,
Kenneth

[ Post a follow-up to this message ]

Sure. But in this case you set IIS up with Anonymous access to your sites.
On default page you set up options for logging in where users can e.g. get
appropriate cookie. All other sites on your server can then check if users
accessing the site are authenticated (e.g. if they have cookie).

In Internet Information Services (IIS) 6.0 Resource Kit Tools there is a
sample of similar authentication. Download IIS RK and take a look at
CustomAuth...

--
Mike
Microsoft MVP - Windows Security


"Kenneth Koh" <plshelpmepls@hotmail.com> wrote in message
news:1131169446.199405.281930@z14g2000cwz.googlegroups.com...
> Hi all
>
> Is it achievable to use an application login to bypass the Basic
> authentication prompt?  Via ISAPI?
>
> Thanks in advance!
>
> Regards,
> Kenneth
>

[ Post a follow-up to this message ]

Hi Mike

Thanks for the reply.

The problem we are facing now is that this website uses MS CRM 1.2.
The product requires either Basic or Windows Integrated and cannot be
set to Anonymous.

If we use the CustomAuth ISAPI and do our own login, will it still be
considered as Basic or integrated?

Thanks!

Kenneth

[ Post a follow-up to this message ]

If you don't want the Basic authentication prompt to pop up, then do not
enable the authentication protocol in IIS. This prevents IIS from returning
the 401 response (which is obligatory if you enable authentication and
client is *not* yet authenticated via any of the public standard protocols)
which causes the client to pop up the login prompt.

If you want to perform custom authentication protocol, then you either need
to purchase a proprietary solution or write your own.

CustomAuth sample in the IIS Platform SDK shows how to use an HTML form to
post encrypted username/password to IIS which uses that username/password to
perform an NT login (in other words, it's just like Basic authentication
except with an HTML form instead of plain login dialog box). If you want to
use non-Windows username/password, you need to modify the source code to do
the username/password lookup.

I have some sample code snippets showing how to do all this, assuming you
know how to download the Platform SDK and compile source code. Everything is
freely available.
http://blogs.msdn.com/david.wang/ar...
INI_file.aspx

You probably want to wonder around my blog to read up on the general subject
of customizing authentication on IIS.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Kenneth Koh" <plshelpmepls@hotmail.com> wrote in message
news:1131169446.199405.281930@z14g2000cwz.googlegroups.com...
Hi all

Is it achievable to use an application login to bypass the Basic
authentication prompt?  Via ISAPI?

Thanks in advance!

Regards,
Kenneth

[ Post a follow-up to this message ]

Thanks Both!

May the force be with you.     

Regards,
Kenneth

[ Post a follow-up to this message ]

If you use CustomAuth ISAPI, it will be considered Anonymous by applications
that use the AUTH_TYPE server variable to determine authentication type,
even though it will configure the user token just like Basic or Integrated.

It is basically a one line change in CustomAuth ISAPI to make it "fake"
AUTH_TYPE server variable to be whatever you want (such as "Basic" or
"NTLM"), and it should be unnoticible to other software running on IIS.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Kenneth Koh" <plshelpmepls@hotmail.com> wrote in message
news:1131179065.000996.212120@o13g2000cwo.googlegroups.com...
Hi Mike

Thanks for the reply.

The problem we are facing now is that this website uses MS CRM 1.2.
The product requires either Basic or Windows Integrated and cannot be
set to Anonymous.

If we use the CustomAuth ISAPI and do our own login, will it still be
considered as Basic or integrated?

Thanks!

Kenneth

[ Post a follow-up to this message ]

Hi David

I've finallly managed to get the source codes from the platform SDK CD
but there's 111 errors when compiling the samples (without changing
codes, except to change the locations of all the header files).
I've hit errors like
syntax error : identifier 'HSE_EXEC_URL_USER_INFO'

Is there another location where i can find a working sample?

Thanks!

[ Post a follow-up to this message ]

It sounds like you do not have a correct build environment set up.

The sample code works - I've installed the same code from the Platform SDK,
and it compiled just fine for me. No code changes necessary. I used Visual
Studio C++ 6 to open up the project (after fixing some pathnames in the
project file), added the include/lib paths from the SDK to the front
(remember, I want to compile against the updated httpext.h from the SDK, not
the old one from VC++), and it built just fine.

At this point, you need to make some custom code changes to hack into the
needs of your specific scenario, so you must figure out how to compile
correctly.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Kenneth Koh" <plshelpmepls@hotmail.com> wrote in message
news:1131375035.608074.71630@f14g2000cwb.googlegroups.com...
Hi David

I've finallly managed to get the source codes from the platform SDK CD
but there's 111 errors when compiling the samples (without changing
codes, except to change the locations of all the header files).
I've hit errors like
syntax error : identifier 'HSE_EXEC_URL_USER_INFO'

Is there another location where i can find a working sample?

Thanks!

[ Post a follow-up to this message ]

Hi David

You are right.
I've replaced the files in VC with those in SDK.
Works like magic.

The rest is up to me now.

Thanks very much!

Regards,
Kenneth

[ Post a follow-up to this message ]

Hi David

Almost done for me.
I just don't seemed to be able to configure the value of AUTH_TYPE to Basic.
Can you copy a snippet of the code that does that?

Thanks!
Hope this' the last time i bother u guys. 

Regards,
Kenneth

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:O3WDLFr4FHA.1476@TK2MSFTNGP10.phx.gbl...
> If you use CustomAuth ISAPI, it will be considered Anonymous by
> applications
> that use the AUTH_TYPE server variable to determine authentication type,
> even though it will configure the user token just like Basic or
> Integrated.
>
> It is basically a one line change in CustomAuth ISAPI to make it "fake"
> AUTH_TYPE server variable to be whatever you want (such as "Basic" or
> "NTLM"), and it should be unnoticible to other software running on IIS.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Kenneth Koh" <plshelpmepls@hotmail.com> wrote in message
> news:1131179065.000996.212120@o13g2000cwo.googlegroups.com...
> Hi Mike
>
> Thanks for the reply.
>
> The problem we are facing now is that this website uses MS CRM 1.2.
> The product requires either Basic or Windows Integrated and cannot be
> set to Anonymous.
>
> If we use the CustomAuth ISAPI and do our own login, will it still be
> considered as Basic or integrated?
>
> Thanks!
>
> Kenneth
>
>

[ Post a follow-up to this message ]