Implementing Custom Authentication Using Wildcard Application Maps
You can implement a custom forms-based authentication scheme with an ISAPI extension that intercepts all incoming requests in the same way that an ISAPI filter intercepts all incoming requests.
Beginning with IIS 6.0, ISAPI extensions can intercept all incoming requests to the IIS server using the HSE_REQ_EXEC_URL function. This functionality is called wildcard application mapping. ISAPI extensions that implement this functionality are called global interceptors. Global interceptors can replace ISAPI filters that read raw data while including the added benefits of ISAPI extensions. A chain of global interceptors can be set up to redirect to one another or redirect to another resource.
IIS 5.1 and earlier: HSE_REQ_EXEC_URL is not available.
For more information about wildcard application mappings and alternatives for previous versions of IIS, see Wildcard Application Mapping. For another code example, see Intercepting All Incoming IIS Requests.