UserLock can monitor the 'Internet Information Services' (IIS) sessions. This feature allows you to define by protected account the number of maximum concurrent IIS sessions on a specific IIS application like Outlook Web Access or an Intranet site. You can also use the generated logs recorded in the UserLock database to produce reports. To supervise IIS sessions, you need to deploy the UserLock 'IIS agent' and then configure it on the IIS server.
The 'Agent distribution' engine automatically detects servers where 'Internet Information Services' is installed and running. To deploy the UserLock 'IIS agent', you just need to select its corresponding line from the 'Agent distribution' view and click on 'Install' from the 'Quick access' panel or from the context menu. Once the agent is deployed, you need to configure the website settings on the target server in 'IIS Manager'.
Since UserLock version 8, two 'IIS agents' are provided:
- An agent using the ISAPI filter
ISAPI filters must mandatorily be used with IIS 6 platforms and are still supported on later versions of IIS. ISAPI filters allow you to protect a whole website, not just a single target Web application.
- An agent using thenative HttpModule technology
HttpModules are designed to work only on IIS 7 and higher and can be used to protect a single Web application instead of the whole website.
'In many ways, native-code HTTP modules resemble an amalgamation of the technologies that software developers used to create managed ASP.NET HTTP modules and native-code ISAPI filters and extensions with earlier versions of IIS.' (source MSDN).
For all authenticated requests, the agent asks the UserLock server whether the connection should be allowed or denied. In the case of a negative answer, an explicit HTML error page is displayed to the end user.
- You can find further documentation about ISAPI filters or HttpModules on the Microsoft website.
- Several ISAPI filters as well as HttpModules are allowed for the same website/ Web application. You shouldn't encounter any conflict if others are already installed.
- Both agent technologies can be deployed on the same IIS server but can't target the same website/ Web application.