The CustomAuth tool provides an alternative method of authentication to the standard IIS solutions, such as Basic, NTLM, and internal IIS methods.
Unlike the other methods, CustomAuth provides a standard Web form that can be customized. The login credentials are exchanged over SSL and the credential information is retained on the client using a cookie. Once logged on, clients can log off manually or a timeout value can be set.
CustomAuth, in fact, requires authentication through SSL. You can use SelfSSL, another component of the resource kit, to generate your own SSL certificates. You might also want to use the IISCertDeploy tool, also in the kit, to back up and restore certificates.
CustomAuth can be used in situations such as public kiosks, Internet cafés, and simple authentication sites for beta test distribution, demo sites, and other situations. I don't recommend its use in production environments or areas in which security is crucial?use one of the built-in authentication schemes for these installations.
You also cannot use the system with Web gardens (multiple worker processes per application pool) or mixed authentication environments because of the way in which the initial authentication and cookie credentials system work.