IISPassword

IISPassword v2.1.4 | Size: 3.4MB

IIS password enables password protection for web sites on Microsoft IIS, without having to use Windows System users. It’s the equivalent of htaccess on Apache, except that it’s used on Microsoft IIS.

IISPassword uses Basic HTTP Authentication for password protecting web sites on IIS, just like htaccess works on Apache. That makes your password protected Apache web site compatible with IIS, and vice versa.

A powerful and intuitive interface makes it possible to password protect a web site in just moments. More advanced settings provide options such as user group management and protection of certain file types.

Main Features

Easy installation - IISPassword is installed with an easy setup program.
Easy administration - IISPassword integrates with IIS, creating a new tab in the management console. Protecting a web site is very easy. Select the site or folder to protect, then a username and a password. That's all there is to it. The advanced mode enables user groups and protection of certain file types.
High performance - IISPassword has been tested in a live environment with heavy traffic, generating practically no extra CPU load on the web servers.
Compatibility with htaccess - IISPassword makes password protected Apache web sites compatible with IIS, and vice versa.
Command line administration - IISPassword can be administrated through a command line interface, allowing automatic administration based on scripts or applications.

Components

ISAPI filter - IISPassword is an ISAPI filter. This makes IISPassword a secure application with low performance costs.
IIS Snap-In - IISPassword is seamlessly integrated into the IIS management console, making password protection an easy task.
Command line tool - IISPassword also provides a command line interface for scripts or applications. This makes it possible to migrate IISPassword into existing control panel systems.
Web Service Configuration - IISPassword provides web services for adding, editing, removing and listing users. This is another option for control panel & purchase area integration.

All for free

IISPassword is free for private, educational and commercial use for up to 3 users. Educational / non-profit discounts are available on all our products.

Supported platforms

IIS 5 / Windows 2000
IIS 5.1 / Windows XP
IIS 6 / Windows 2003
64bit versions of the above Operating Systems are now supported.

Changelog

2.1.4 Release - release date: 05/07/2009

IISPassword now ignores any directives it doesn't understand. This means that compatibility with ISAPI Rewrite should now be out of the box, rather than needing to modify the name of the access file.

2.1.3 Release - release date: 03/10/2008

Fixed issues with the remote admin web services.

2.1.1 Release - release date: 01/09/2008

Added "admin web service" functionality. See the web help for further details.

2.1.0 Release - release date: 01/08/2008

Added support for 64 bit operating systems
Fixed performance / permissions issues when used on a network drive

2.0.0 Release - release date: 01/03/2008

Added the "AuthType None" option to allow sub-folders to be unprotected
Fixed Authorization header causing crash when used incorrectly
Fixed Sub folder permissions
Fixed Customising the HTML files for the error documentations

1.0.408 Release - release date: 01/26/2005

Fixed the issue with double occurrence of HTTP_IISPWD_USER.
Fixed the issue with double occurrence of error pages.

1.0.407 Release - release date: 01/11/2005

IISPWD user added to HTTP header.
New Live Update application included.
Minor installation issues fixed.
Double occurrence of HTTP_IISPWD_USER in some cases.

1.0.406 Release - release date: 11/26/2004

Minor installation changes.

1.0.405 Release - release date: 09/10/2004

Blank space in .htaccess directives values issue fixed.

1.0.404 Release - release date: 08/10/2004

Installation framework has been changed to InstallShield system.
Installation bug which uninstalls the wrong filter fixed.
Double occurrence of error pages (401, 403, 500) in some cases.

1.0.401 Release - release date: 05/25/2004

Works on IIS5.0 and later.
Compatible with HTTP/1.1, HTTP/1.0 and /0.9 standards.
Compatible with Apache (".htaccess authentication methods"), supports the next set of keywords: AuthGroupFile, AuthUserFile, AuthName, AuthType (Basic), Files, FilesMatch, Require (User, Group, Valid-User).
Changeable authentication file name (.htaccess is default, but it can be whatever wanted).
MMC 1.2 or 2.0.
Protects custom set of file types.
Allows anonymous user authentication independent from system NT users.
Definition of groups, and group access.
Works with unlimited number of users.
Blank space in .htaccess directives does not work in some cases.
Sometimes uninstall program removes the wrong filter.

Frequently Asked Questions

Q: What does IISPassword do?

A: IISPassword password protects web sites that are hosted on Microsoft IIS, without using system user accounts. IISPassword protects complete web sites, subfolders or even certain files or file types. When trying to access a password protected object, the user is asked to log in through a dialog box, such as the one to the right.

Q: Why should I use IISPassword?

A: IISPassword provides an easy way to protect certain content on web sites. Instead of working with system user accounts, which may be difficult and even a security risk, virtual users are used. Administration is handled through an IIS snap-in or through a command line interface, making integration easy with existing administration solutions based on scripts or applications.

Q: Does IISPassword affect web server performance?

A: IISPassword is a very small application that generates almost no load to the server. The application has been tested in a real hosting environment with about 500 web sites and almost 20,000 requests per hour, without generating any significant load on the processors.

Q: Why does IISPassword use the same way of protection as htaccess?

A:There are two reasons for this. First, it’s simple. By defining security settings using htaccess files, all folders and subfolders can be protected. The second reason is compatibility. Many users hesitate to transfer web sites from Apache to IIS, and vice versa, just because some of the web site content might be password protected. IISPassword enables cross-platform compatibility for these password protected web sites.

Q: With IISPassword, is it possible to protect just certain file types, for example images?

A:Yes, this is possible to set up in the advanced mode of IISPassword. Certain files or file types can be protected by using wildcard definitions.

Q: Is it possible to use IISPassword together with Integrated Windows Authentication?

A: Yes and no. It is possible to use them both, as long as they are not used to protect the same files or folders. IISPassword expects anonymous access to be enabled in order to work properly. It is not possible to use both IISPassword and Integrated Windows Authentication on the same object, due to the internal functionality of HTTP authentication. IIS would simply not know what kind of protection to use.

Q: Does IISPassword work with IIS 6.0 on Windows 2003?

A:Yes, IISPassword is compatible with Windows 2003 and IIS 6.0.

Q: Does IISPassword work with 64bit Windows?

A:Yes, IISPassword is now compatible with Windows 64 bit operating systems (with IIS in 32 or 64 bit modes).