Microsoft Internet Security and Acceleration Server 2000


The ISA Web proxy service includes a pointer to this structure when a user is presented with an Access Denied error message. If your filter should be notified for this event, it should register for the SF_NOTIFY_ACCESS_DENIED event.

  const CHAR * pszURL; 
  const CHAR * pszPhysicalPath; 
  DWORD dwReason; 


Points to a null-terminated string that specifies the URL that requested access to the resource.
The physical path of the resource that was requested.
A DWORD date type containing flags that indicate the reasons for the denial. Can have one of the following values.
Value Meaning
SF_DENIED_LOGON The client could not be logged on.
SF_DENIED_RESOURCE The resource was denied by a Windows discretionary access control list (DACL).
SF_DENIED_FILTER A Web (ISAPI) filter denied the request.
SF_DENIED_APPLICATION An ISAPI extension or CGI application denied the request.
SF_DENIED_BY_CONFIG The server configuration denied the request. For example, disabling anonymous requests on the server would generate this filter notification when a user without credentials tried to make a request to the server.


This structure indicates that access to the requested resource has been denied by the server. The structure is generated when there has been a logon failure, or when a user requests a resource that has an associated DACL that does not include the logged-on user.

The server will automatically include the supported authentication schemes when an ISAPI extension, filter, or CGI script returns a 401 Access Denied error code.