Re: Using IIS ISAPI filters on ISA 2000 as web filters

From: stevemsaunders@sbcglobal.net
Date: 05/16/02 

From: stevemsaunders@sbcglobal.net
Date: Thu, 16 May 2002 08:37:48 GMT

 I appreciate your time in trying to answer my query and, you're
right, that works wonderfully in IIS.

Unfortunately, that's not what I'm trying to do.

What I need is to

a) configure an IIS ISAPI filter to act as a "webfilter" within the
ISA 2000 MMC (already done, as detailed below) , and

b) register the resulting "webfilter" so that it acts upon a given Web
Publishing rule (the part I need help with).

>From an architectural standpoint, I have a number of webservers that I
want intranet users to be able to use without authenticating, while
requiring external users to authenticate with tokens before seeing
content.

If I can do all of the authentication via a webfilter at the ISA
server, I'm golden.

Otherwise, the only way I've figured out how to do it is to make two
copies of each webserver, registering the ISAPI filter on only one of
them at the IIS level, which is a huge pain in the ***, both for the
initial amount of work involved, as well as ongoing maintenance
issues.

                         RADIUS
                             |
                     --------|-------- |------www1
Internet---------| isa 2000 |-------|-----www2
                     ---------------- |-----www3
                                             |-----www4
                                             |-----www5
                                             |-----www6
                                             |

|--------------------intranet

Anyone one else an ISA 2000 expert and want to take a stab at my
problem?

Thanks in advance,

Steve

On Wed, 15 May 2002 22:29:23 +0000 (UTC), "SysAdm"
<wjones@sitesmith.com> wrote:

>go into the website properties in IIS, select home directory tab, click on
>configuration button within application section, u will see the default
>isapi filters listed. add yours, and add which extension should activate
>it. set it to run in high-security (its own allocated space).
>
>whilst doing this, get rid of all the isapi extensions your site doesnt use
>(.ida and .idq were/are both used by code red).
>
>SysAdm
>
>
><stevemsaunders@sbcglobal.net> wrote in message
>news:3ce0b9c5.105804258@news.la.sbcglobal.net...
>> I'm trying to register and use an IIS ISAPI filter on ISA 2000 (as a
>> web filter), that intercepts HTTP requests and lets you authenticate
>> against a RADIUS server using Activcard token-based
>> one-time-passwords.
>>
>> I can register the ISAPI filter and activate it using the Visual Basic
>> code sample hidden on MSDN (see below) but I have absolutely no idea
>> how to assign it to a specific Web publishing rule (currently
>> publishing IIS 5.0 content).
>>
>> Anyone?
>>
>> Steve
>>
>> -----------------------------------------------
>>
>> Add filter code
>>
>> set FPC = WScript.CreateObject("FPC.Root")
>> Set filters = FPC.Arrays.GetContainingArray.Extensions.WebFilters
>> Set mfilter = filters.Add("{17F5850B-B6DB-4cde-8C7B-806EA608DDD1}",
>> "ActivCardISAPI", " C:\AC\SDSW3IIS.dll ", 2, 2)
>> '2 == fpcFilterPriority_High
>> mfilter.Description = "ISAPI RADIUS connector to ACtivPack"
>> mfilter.Vendor = "ActivCard"
>> mfilter.Version = "1.0"
>> mfilter.Enabled = True
>> filters.Save
>> WScript.Echo "done"
>>
>> -------------------------------------------
>> Activate filter code
>>
>> set FPC = WScript.CreateObject("FPC.Root")
>> Set filters = FPC.Arrays.GetContainingArray.Extensions.WebFilters
>> Set mfilter = filters("{17F5850B-B6DB-4cde-8C7B-806EA608DDD1}")
>> mfilter.Enabled = True
>> mfilter.Save
>> WScript.Echo "done"
>
>