AuthAnvil
Securing Web Sites and Web Applications
In an effort to increase productivity, streamline communications and give easier access to business assets, many businesses have migrated critical business applications to the web. This exposes companies to new online risks that should be mitigated to prevent unauthorized access to information assets. AuthAnvil helps to mitigate these risks by providing strong authentication and identity assurance to employees, partners and customers who access protected web applications.


Why Secure Your Web Applications?
When a password is compromised, the results can be disastrous to a company. Adversaries can pose as trusted users and access or destroy privileged and confidential information. When web applications are used, the risks are further compounded by the fact that access is easily available from anywhere with a simple web browser. From company line-of-business applications to the corporate SharePoint intranet, an account that is breached can cost a business dearly in financial loss, proprietary information disclosure, lost productivity and a potentially damaged reputation.

 

The AuthAnvil Web Logon Agent offers companies the ability to add strong two-factor authentication to web applications running on Microsoft’s Internet Information Server (IIS). It provides a simple and consistent authentication experience in front of any web application or portal installed into IIS, including Outlook Web Access (OWA), Remote Web Workplace (RWW), MSCRM and SharePoint. And it offers identity assurance by requiring users to provide their AuthAnvil passcode before they can access the underlying web application or portal.



AuthAnvil Strong Authentication
 
 

AuthAnvil uses one-time passwords (OTP) that are dynamically generated by portable hardware authentication tokens. Combined with an easy-to-remember PIN, these two pieces of information create a strong passcode that cannot be reproduced and can only be used once. This is what makes up two-factor authentication: something you know (your unique PIN) and something you have (your OTP).



How It Works
 
 

When employees, partners or customers visit a protected web application, AuthAnvil provides a web logon form challenging the user for their AuthAnvil passcode. When a user attempts to log in, their passcode is sent to the AuthAnvil Strong Authentication Server (SAS) for authentication. If accepted, AuthAnvil transfers the request back to IIS, which then attempts to authenticate the user against the authentication system provided by the web application.

To accomplish this, AuthAnvil uses an ISAPI extension that installs directly into IIS. It sits between the user’s browser and the web server, intercepting all resource requests. When a request is made to a protected resource, AuthAnvil challenges the user for their username and passcode. If the user is authenticated and authorized to access the resource, a tamper-resistant session cookie is created and the request is passed on to the underlying web resource.



Establishing Identity Assurance
 
The weakness in traditional passwords lies in the fact that you don’t know WHO is using that credential. Was it Bob in accounting who is logging in, or Alice who happens to know Bob’s password? With increasing remote access privileges, businesses are more at risk from this threat, and it isn’t getting any better.

Identity assurance reduces this risk. It forces users to prove they are who they say they are by presenting their authentication token during logon and providing the dynamically generated one-time password. When used to protect web applications, it ensures that a known and valid user is allowed access and has proven their identity before they are offered a chance to provide any other credential specific to that site.



Prerequisites
 
 

To add AuthAnvil strong authentication support to protected web applications in IIS, the following prerequisites are needed:

  • Windows Server 2003 or SBS 2003
  • Internet Information Server 6.0 (IIS)
  • Microsoft .NET Framework 2.0
  • AuthAnvil DCOM Bridge
  • AuthAnvil Web Logon Agent
  • Network access to an AuthAnvil SAS
  • AuthAnvil Authentication Tokens



Key Highlights
 
 

Some highlights of the AuthAnvil Web Logon solution include:

  • Identity assurance that proves that the user attempting to log on is who they say they are.
  • Leverages your existing investment in Microsoft technology to deliver enterprise-level security at a fraction of the price.
  • Supports Active Directory Security Groups to manage authorization by group membership.
  • Supports IP-based access control to override authentication behaviour.

© 2007 Scorpion Software Corp.