Extending IIS 5.0 Security

Extending IIS 5.0 Security

Although it is possible to extend IIS 5.0 security schemes by using Internet Server Application Programming Interface (ISAPI) filters, ASP pages, or Microsoft Component Object Model (COM) components, you should seriously consider the tradeoffs.

The advantage of using alternate authentication mechanisms is flexibility; if you write your own authentication code, you have complete control of those mechanisms. For example, you might decide to check the existence of a user account in an online database.

The disadvantage is that you now have security policy and enforcement in multiple places. If you update your corporate security policy, such as who is allowed access to what resources, then you may need to update the Web server as well. Eventually, this will become difficult to maintain and could lead to security vulnerabilities.

See the following:

• Extending IIS 5.0 Security with ISAPI Filters

• Extending IIS 5.0 Security with ASP Code