Basic Authentication against Non-Windows Accounts

Windows This is a Community Contributed Download

CategoryManage, Develop
Supported by N/A
Works WithIIS 6, IIS 7
Documentation N/A
Updated onApril 30, 2008
Uploaded bydbaier


IIS supports HTTP authentication methods like Basic, Digest and Integrated. The problem is that all of them are hardwired to Windows accounts. This means that you need a Windows user on your server for every account you want to HTTP-auth enable. Having the ability to do plain Basic Authentication agains account stored e.g. in a database would be very handy for a range of situations like web applications, (WCF) web services, REST services, Silverlight service backends etc. This is exactly what this module does. The module comes in two flavours: for IIS 6 and 7. They are almost identical, but configuration and semantics wrt anonymous authentication are slightly different and I didn't spend the time to create a version that will work optimally in both environments. The IIS 6 version can be downloaded from the release section - but all the new work and improvements will go into the IIS 7 version.


The module implements the HTTP Basic Authentication protocol and does authentication against a Membership provider. You can use the built-providers or simply write your own (you only need to implement the ValidateUser method).
Furthermore the module includes some plumbing to enable WCF services to use basic authentication against non-Windows accounts in IIS.

The configuration integrates nicely with IIS 7 in the system.webServer/security/authentication section (as well as the graphical IIS 7 manager).


Allows to protect web content of all sorts by HTTP basic authentication. The user accounts are not restricted to Windows accounts.


IIS6 or 7 and a membership provider