Cookie Authentication:
Cookie authentication makes use of functionality at the scripting level to provide user authentication.

How to configure in IIS:

  • This does not require specific IIS server configuration but rather ASP script configuration
  • The following code would need to be placed at the top of each page you wanted to protect:

    If Session("login") = FALSE Then 
      Response.Redirect "LoginPage.asp" 
       Response.Write "You are logged in" 
    End If 
  • The following code is an example of a simple login form:
    if request.form("password") = "yourpass" then
      session("login") = TRUE
    end if
     <form method="POST" action="login.asp"
    <input type="text" name="password" size="20"><input type="submit" value="login" name="login"></p>
  • This code could be expanded to tie into a database and track usernames as well as passwords but the concept is the same as this hardcoded sample with a password of "yourpass".


  • Can use custom designed login form
  • Can store usernames and passwords independently of NT users


  • This will only protect ASP scripts (not images, html etc)
  • This requires that users browsers support cookies and have them enabled
  • protection must be implemented on a per page basis (for example a directory can not be protected)