***************************************************************************** MyAuth Web Filter Sample ***************************************************************************** Copyright (c) Microsoft Corporation. All rights reserved. THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS HEREBY PERMITTED. ***************************************************************************** The MyAuth Web filter sample demonstrates ISA Server's authentication extensibility model. The MyAuth Web filter registers a new user-defined authentication scheme and performs the authentication instead of the Web proxy for every HTTP request. The authentication performed in the sample is not a true authentication. The filter asks for the user name, and when it receives the user name, the user is considered authenticated. ------------------------ Compilation Instructions ------------------------ - You must use Visual Studio .NET. (Visual C++ 6.0 is NOT supported). - The sample must be located in the original location where it was installed by the SDK installer because the .vcproj file includes relative references to files in the SDK Inc folder. - Open the MyAuth.sln file and compile the whole solution. ------------------------- Installation Instructions ------------------------- To install the Web filter: 1. Copy MyAuth.dll to a computer running ISA Server 2004. We recommend that you copy it to the ISA Server installation folder. 2. At a command-line prompt, type the following line and then press ENTER: regsvr32 MyAuth.dll 3. Open ISA Server Management, expand the Configuration node, and click Add-ins. In the details pane, click the Web Filters tab and verify that the MyAuth Web filter is listed. ------------------ Testing the filter ------------------ To test the MyAuth Web filter: 1. Configure a Web listener to use the new authentication scheme, assuming that your client is in the Internal network. To do this, in the console tree, click Networks. On the Networks tab in the details pane, click Internal. On the Tasks tab in the task pane, click Edit Selected Network. On the Web Proxy tab, click the Authentication button. In the dialog box that opens, confirm that MyAuthScheme is included in the list of authentication methods. Clear any selected authentication methods and select MyAuthScheme. 2. Define a user under the MyAuthScheme namespace. To do this, in ISA Server Management, click Firewall Policy. On the Toolbox tab in the task pane, click Users and then click New. In the New User Set wizard, when you select users to add to the new user set, you should be able to add a new user for the MyAuthScheme namespace. 3. Define an access rule which allows HTTP access for the new user set. To do this, in ISA Server Management, select Firewall Policy. On the Tasks tab in the task pane, click Create a New Access Rule to launch the New Access Rule wizard. Follow the wizard instructions to create a rule that allows access to HTTP traffic from the Internal network to all networks for the new user set. 4. Send an HTTP request from a client in the Internal network to an external Web server. In response, you should see a Web page that asks you to enter your name and has Submit and Reset buttons. Type the name of the user that you added to the MyAuthScheme namespace and click submit. The request should be allowed. 5. Repeat Step 4, but type a different user name. The request should be denied. Note that in DEBUG mode you can see debug prints in a debug console (such as dbmon). All MyAuth debug messages start with the prefix "MYAUTH: ". ------------------------ Unregistering the filter ------------------------ 1. Make sure MyAuthScheme is not referenced by any configuration object such as a Web listener or a user set. 2. At a command-line prompt, type the following line and then press ENTER: regsvr32 /u MyAuth.dll