WebAuth-IIS allows Windows web servers to authenticate and authorize users using Stanford WebAuth.

WebAuth-IIS is implemented as an ISAPI filter and extension for IIS 6.0 running on Windows Server 2003. It uses the WebAuth protocol to authenticate visitors to a website, and optionally maps authenticated users to Windows accounts, allowing for simple authorization using Windows access control lists. WebAuth-IIS provides similar functionality on IIS as Stanford WebAuth on an Apache server. However, LDAP directory integration has not yet been implemented on WebAuth-IIS.

The initial version of WebAuth-IIS was developed by Stanford ITSS and released on 3/15/2005. However, it had several errors and security flaws that made it unsuitable for a production environment. This version (which is mostly based on ITSS' code) corrects those flaws and adds a few additional features, noted below. I have been using it on this server since October 2005, and on the CS198 web site since May 2006. To see WebAuth-IIS in use, just login to the CS198 website (SUNet ID required).

Version 1.2.1 (7/10/2006) - Download source code and binaries (.zip)

Version 1.2 (2/19/2006)

Version 1.1 (10/6/2005)