ISAPI Filter Authentication:
The Internet Server Application Programmer Interface provides low level access to the entire web server request and event chain.  Because of this it can intercept requests before the web server handles them and provides the greatest authentication flexibility.

How to configure in IIS:

  • In the MMC the filter needs to be loaded under the ISAPI filters tab under the site properties
  • This assumes you have a valid authentication filter to load, if not you would first need to develop one using VC++ or purchase a commercial product.


  • High performance
  • Can provide flexibility to work with or without cookies and support failing over between them
  • Independent of the NT user base
  • Protects all types of files not just ASP scripts
  • Can support multiple web site on the same server


  • Requires purchase of commercial product or complex development of your own filter