User Authentication Using Custom ISAPI Filter

From: Paul Hounshell (
Date: 05/06/03

Date: Tue, 6 May 2003 16:25:58 -0400

We've authored a small ISAPI filter which handles our user authentication
against an xml file. Now we want to be able to read the user's login in

In web.config we set <authentication mode="Windows"/> and in IIS we have
basic authentication on and anonymous access off. When we check the
ServerVariables though, we run into a bit of a problem. The AUTH_USER it
returns is the username that our ISAPI filter mapped the user's login to.
We want AUTH_USER to be the username the user signed in as. AUTH_PASSWORD
is correct in that it's the password that the user entered. What's even
more perplexing is that the correct information is base64 encoded in
ALL_HTTP. I'd use that, but I don't want to go through the effort of
pulling it out if there's a better way.

Any suggestions? Thanks,

Paul Hounshell