Cookie Authentication:
 
Cookie authentication makes use of functionality at the scripting level to provide user authentication.


How to configure in IIS:

• This does not require specific IIS server configuration but rather ASP script configuration
• The following code would need to be placed at the top of each page you wanted to protect:
  
  <% 
  If Session("login") = FALSE Then 
    Response.Redirect "LoginPage.asp" 
  Else
     Response.Write "You are logged in" 
  End If 
  %>
  
• The following code is an example of a simple login form:
  <%
  if request.form("password") = "yourpass" then
    session("login") = TRUE
  end if
  %>
   <form method="POST" action="login.asp"
  <input type="text" name="password" size="20"><input type="submit" value="login" name="login"></p>
  </form>
  
• This code could be expanded to tie into a database and track usernames as well as passwords but the concept is the same as this hardcoded sample with a password of "yourpass".

Advantages:

• Can use custom designed login form
• Can store usernames and passwords independently of NT users

 
Disadvantages:

• This will only protect ASP scripts (not images, html etc)
• This requires that users browsers support cookies and have them enabled
• protection must be implemented on a per page basis (for example a directory can not be protected)