PassDir, PassDir, Magenta Password Directory IIS Filter, is a tool for protecting specified directories from unauthorised access using the Microsoft Windows IIS Web Server. It supports IIS/4 in NT4, IIS/5.0 in W2K, IIS/5.1 in XP Pro and IIS/6 in in Windows 2003 Server. It is designed to provide protection by simply FTP'ing or copying text files onto the server without needing access to any IIS Administration functions, similarly to the way the UNIX Apache web server is protected by .htaccess/.htpasswd files.

PassDir uses the same Apache .htpasswd format files for the lists of authorised users, although the information from multiple .htaccess files is contained in a single INI file. PassDir also has the ability to redirect expired users to a special renewal page.

Note that PassDir is a Windows DLL that needs to be installed as an ISAPI Filter in IIS at either master, default or virtual site level through IIS Administration. But once installed, all configuration is through text files. If you don't have access to your own web server, please check first that your web hosting company will install an ISAPI Filter on your site.

PassDir includes the Encode UNIX Password 32-bit Windows application that allows user names and passwords to be encoded into .htpasswd format files. This may be automated by command line arguments. Alternatively an OCX is available that allow password management to be added to windows applications.

Please note that PassDir is incompatible with FrontPage publishing which requires windows authentication to be enabled to work properly. But FTP has always been the best way to update web sites.

PassDir is shareware, developed by Magenta Systems Ltd, in the UK. PassDir is licensed per directory protected, so it's affordable for those just needing to protect a single directory:

Single directory	£30 (£35.25 including VAT)
2 to 5 directories	£50 (£58.75 including VAT)
6 to 10 directories	£75 (£88.13 including VAT)
11 to 25 directories	£100 (£117.50 including VAT)
Unlimited directories	£200 (£235.00 including VAT)

Multiple pricing of the unlimited directories version of PassDir is:

2 copies	£175 each (£205,62 including VAT)
3 to 5 copies	£160 each (£188 including VAT)
6 to 10 copies	£150 each (£176.25 including VAT)
11 to 25 copies	£135 each (£158.62 including VAT)
26 copies and up	£100 each (£117.50 including VAT)

Only the unlimited version allows more than one copy of PassDir to be used on the same server for different for different sites. This price includes future upgrades to PassDir which may be downloaded from this web site. VAT is not charged for sales outside Europe.

Until registered, PassDir stops checking passwords 24 hours after it is started, stopping access to the protected directories. A maximum of 25 directories are supported in unregistered mode.

4th February 2003 - Release 1.4.1 - now monitors the directory with the PassDir INI file for changes, and automatically reloads the file if it changes. Please ensure that logs are not placed in the same directory as the INI file, otherwise it will be reloaded too often.

20th April 2003 - Release 1.5.0 - Added an alternate method to specify multiple servers, rather than adding the server name to the path in the section header, one or more host names may be specified. This is particularly useful where two or more domains are used for the same site. Added a Deny mask to prevent the password file being downloaded. Improved house keeping to prevent the internal list of users that have accessed the site being kept for ever. Prevent checking for INI file changes if logs are located in the same directory, since this will cause run away logging. PassDir now puts much cleaner messages into the NT event log.

22nd May 2005 - 1.7.0 - Added LicenseFile to allow userreg.txt to be located in a specified directory, primarily where multiple PassDir DLLs are installed for different sites, so they can share the same license key file. Added support for authentication cookies, as an alternative to the basic authentication logon dialog box. thus allowing the logon user name and password to be entered using normal HTLM form fields and saved as a cookie which PassDir reads instead of the Authorization: header. The cookie is called PASSDIRLOGON, the cookie path is set to the protected directory path, expiry date is optional, and the cookie value is the logon details, in one of three formats. The simplest cookie format is clear text, '1logon:password' where the figure 1 indicates clear format and a colon separates the logon name and password. To avoid the password being visible, it may be encoded using Magenta COM Objects (magobjs.dll), an ActiveX that must be installed on the server running the ASP pages, where the cookie becomes '2encodedstring'. Finally the logon may be base64 by VBScript to avoid using an ActiveX, where the cookie becomes '3base64string'. Note that cookies values are visible in the browser and often appear in web logs. Magenta COM Objects is available free to licensees of the 10-25 or unlimited directory versions of PassDir. A web page logon.asp illustrates the VBScript needed to create the cookies described above. Fixed a problem that may have prevented PassDir running on Windows 2003 server. Improved logging so alphabetic dates are always used.

PassDir is used on this web site to protect the members only Delphi and Telecom Tariff directories.

A demonstration private page is available for which the logon is 'test' with password 'test'. You can also access it using cookies by logging on first to bypass the normal password dialog displayed by the browser.

Encode UNIX Password

Encode UNIX Password is a simple Windows application that allows user names and passwords to be encoded into a format suitable for use with UNIX systems, in particular for the Apache web server running on UNIX to restrict access to your web site to authorised users. This allows new users to be added to the .htpasswd file locally on the PC, without needing to run a script while online to encode the passwords. Once updated, the file will still need to be FTP'd to your web site.

Release 1.1 - adds the ability to update the password file directly rather than copying via the clipboard, to encode lists of users names and passwords, and to be run with command line arguments from other applications.

Release 1.2 - corrected a problem with long user names causing word wrapping in the encoded data window and a corrupted password list.

The readme file explains how to create the .htaccess and .htpasswd files needed to restrict web site to authorised users. But note that not all Apache web servers support authorisation so check with your hosting company first.

If you need to generate UNIX passwords from a programming language, there are two alternatives:

TDESCrypt component for Delphi 3, 4, 5, 6, 7 and 2005, created by Herzog Samuel.
DESCryptX is an ActiveX control from OS Systems Ltd which uses the same TDESCrypt component and includes examples in Visual Basic and Delphi. It could also be used from ASP.

Encode UNIX Password is free.

Update Windows Registration Details

Update Windows Registration Details is a very simple Windows 95 and 98, Windows NT and Windows 2000 application designed to change the registered windows user name and company (organisation). These details are normally specified during installation of windows, but may not reflect the name of the current PC owner or may be have been set to something like 'Pre-Installed User' by a lazy supplier or dealer.

Please note that some software packages may be configured to expect specific windows registration details, and will fail if they are changed.

Update Windows Registration Details is free.

Magenta Systems Ltd, 9 Vincent Road, Croydon CR0 6ED, United Kingdom
Phone 020 8656 3636, International Phone +44 20 8656 3636
Fax 020 8656 8127, International Fax +44 20 8656 8127
http://www.magsys.co.uk/
Copyright © 2008 Magenta Systems Ltd, England. All Rights Reserved.