You can configure the virtual directory through the Microsoft Internet Information Server (IIS) to get client authentication. Basic authentication requires the client to provide a username and password, which are verified by the web server. If clients are logged into the same Windows domain as the web server, you can also use Integrated Windows Authentication, which handles authentication without sending any passwords over the wire.

Similar options for basic authentication are available in Java-based web servers.

Your gatekeeper application handles client authentication based on another username and password pair that the client sends. The gatekeeper extracts these strings from the InitiateRequest message and then uses them to authenticate the client by whatever customized method you want.