Basic Authentication against Non-Windows Accounts

IIS supports HTTP authentication methods like Basic, Digest and Integrated. The problem is that all of them are hardwired to Windows accounts. This means that you need a Windows user on your server for every account you want to HTTP-auth enable. Having the ability to do plain Basic Authentication agains account stored e.g. in a database would be very handy for a range of situations like web applications, (WCF) web services, REST services, Silverlight service backends etc. This is exactly what this module does. The module comes in two flavours: for IIS 6 and 7. They are almost identical, but configuration and semantics wrt anonymous authentication are slightly different and I didn't spend the time to create a version that will work optimally in both environments. The IIS 6 version can be downloaded from the release section - but all the new work and improvements will go into the IIS 7 version.

The module implements the HTTP Basic Authentication protocol and does authentication against a Membership provider. You can use the built-providers or simply write your own (you only need to implement the ValidateUser method).
Furthermore the module includes some plumbing to enable WCF services to use basic authentication against non-Windows accounts in IIS.

The configuration integrates nicely with IIS 7 in the system.webServer/security/authentication section (as well as the graphical IIS 7 manager).

Allows to protect web content of all sorts by HTTP basic authentication. The user accounts are not restricted to Windows accounts.

IIS6 or 7 and a membership provider