I want to secure some folders/directories on my website which is running under IIS6, but I don't want to enter the users in Active Directory or make them windows users in any way. I have the users/passwords in a database currently. In the past I had to purchase special ISAPI filters/applications in order to create password protected directories that could look up users/pass in DB or a flat-file (like an .htaccess type thing)... something like http://www.flicks.com/flicks/authx.htm or http://www.iistools.com/en/iispassword.html or http://www.dotnetprotect.com/
assuming I don't want to do any custom development... what are my options for making this work in IIS6? Are there any free/open-source options?
I was actually going to recommend authx by flicks software but I see you've already mentioned it.
That's probably the EASIEST way to do it... but here's another example you may wish to look into:
Link
Hope this helps.
Okay... I think I have a slightly better understanding of what you're looking for now.
Here's a couple more options to consider:
Change to Apache for Win32
This would solve your problem... for free... but only you can assess if it's worth the effort to make the move.
ISAPI Rewrite
http://www.isapirewrite.com/
I'm not positive this will work for you... but I seem to recall others being able to do .htaccess stuff with it. You'll have to research this one a bit.
IISPassword
http://www.iistools.com/en/iispassword.html
Probably too expensive for you.
The free version will allow up to 3 users I think. IISPassword will allow you to protect your site without using system user accounts.
I'm not sure if any solution is REALLY going to help you get away from development... but this should be close.