Truth be told, I am not a Microsoft guy, especially not regarding web environments. When I got into web development, I thought that back then ASP was really ridiculous, compared to the failry new PHP. And PHP means logically using the Apache HTTP Server Project web server as part of the LAMP stack. I’m not going to make the ASP vs PHP comparison. This post is about my experience on authentication in Microsoft’s Internet Information Services (IIS) web server.
Configuring authentication in Apache really is a hazzle, in my opinion. Of course there is documentation on authentication, authorization and access control in Apache HTTPD, but it’s just not straight forward. For example, if you want to get basic authentication working , you need to create a password first, followed by setting the configuration to use this password in a
Contrarily, IIS allows you to configure authentication on a particular document on a folder in a site very seamlessly. As such you can strenghten the security for parts that are not to be viewed by others.
In Windows Server 2003 Enterprise edition, go to Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager. Click the server, expand your particular web site and select your Web Site. For the particular document or file, right click and select properties. There you select the file security tab. In the authentication and access control pane, click edit. A number of authentication methods can be configured and used at once: anonymous access, integrated windows authentication, digest authentication, basic authentication or Microsoft .NET Passport authentication.
Now that makes life easy. Just configuring a simple UI.
I wish it were as effortless in the Apache web server. Sigh.
This is only my point of view. Open source advocates might argue that Apache HTTPD is much more extendable and open of course, but that’s something else. I’m merely saying that this “point-and-click” approach of Microsoft IIS just makes life easier for me.
On another note, Mono developed a mod that provides support for .NET code in Apache. Isn’t cross platform software just awesome?