TRUELOGIN - ADVANCED SITE SECURITY SYSTEM

Using commercial grade RSA 1024 bit encryption for the authentication token

TrueLogin® is a software suite that allows Internet developers to quickly deploy highly secure, affordable web-based solutions for Microsoft's IIS web servers (4.0, 5.0, 5.1). TrueLogin® can be used by any web application that runs under Microsoft's IIS (ASP, CGI, PHP, ISAPI, ColdFusion, JSP, ActivePerl etc.) as long as the GUI interface that serves as the login page for the application is developed in ASP, or as long as the language used by the login page has the ability to call external COM objects.

Here is an example of how and why you would want to use TRUELOGIN

When you click on a URL such as the "Download Truelogin Demo" that you see on your top right, you are simply reading a file. In fact the "Download Demo" executes this command:

All these files exist in your web site, and they are read-only. However, if you wanted to allow a download of a purchased product, a file similar to the one above would exist on your server. If a user were to purchase your product, make a bookmark of the URL, and give it to a friend, you would lose a copy of your product. This also applies to other files, such as confidential price lists for resellers, warranty records, sales-related records, etc.

TrueLogin® would filter all these attempts to access such files and deny access. Access would be allowed only on a "per user" basis, after the user is "authenticated" (logged in). You would simply need to make 1 call to TrueLogin for your web application to be secured against hackers.

TrueLogin® cuts down development time by completely taking care of all the security issues web developers may encounter while writing a web-based solution. Using strong asymmetric public/private key RSA encryption for the access token, together with IP spoofing protection, it provides state-of-the-art secure access to your web application. To acquire such a high level of protection at a lightning fast speed, all the binaries have been entirely written using C/C++, rendering highly optimized code with no dependencies other than system libraries.

TRUELOGIN - HOW DOES IT WORK? (technical)

At the heart of this software suite is an ISAPI filter, a multithreaded DLL that is executed inside IIS. It filters all the requests made to your site, allowing only those that you choose to accept, based on the access token that your application created when it authenticated the user with the COM component from the TrueLogin® suite.

This is one of the most comprehensive ways to handle security, first of all because it is handled at a very low level by a piece of code that executes as part of IIS and therefore has pre-emptive access to all HTTP requests, even before your application "sees" them. There is very little chance that an unauthenticated user can even hit your web application, let alone attack it by feeding it malicious data to cause buffer overruns etc.

All the validation of the HTTP requests your application receives is done in tenths of a millisecond by blazingly fast pure C, multithreaded code that runs as part of IIS, leaving your application uncluttered with code to decide whether or not the request is legitimate and giving you easy access to the user id and the role of the client that made the request. All this information is highly secure and impossible to fake, because unless one has access to your public/private key pair there is no known way to create a valid access token that TrueLogin® would accept.

Using TrueLogin® you can stay focused on what you do best, creating efficient web-based applications, in full confidence that only the users you authorize (through database logins, text file login tables, LDAP etc.), through a mechanism that you decide how to use and/or implement, have access to your application.

TrueLogin® is easily configurable by means of a configuration file that is read at runtime from the directory where the ISAPI filter (tlisapi.dll) is installed. The configuration file is called true.conf and it has a valid XML syntax, describing all the configurable parameters for TrueLogin®.
©Copyright 2001 Paga Software Inc. All rights reserved.