Microsoft Internet Security and Acceleration Server 2000

IFWXFirewall::CreatePrivateSession Method

Creates a private session object for a given client.

HRESULT CreatePrivateSession(
  LPSOCKADDR ClientAddress,
  DWORD ClientAddressLength,
  LPSOCKADDR ProxyInternalAddress,
  DWORD ProxyInternalAddressLength,
  IFWXImpersonator *Impersonator,
  IFWXSession **ppPrivateSession


[in] Pointer to a sockaddr structure that contains the address of the client for which the session object is needed.
[in] Length, in bytes, of the structure pointed to by the ClientAddress parameter.
[in] Pointer to a sockaddr structure that contains the internal address of the proxy used to communicate with the client.
[in] Length, in bytes, of the structure pointed to by the ProxyInternalAddress parameter. On a multihomed computer, one with more than one internal interface, the filter uses this parameter to set which interface is to be used. Can be NULL, in which case the Firewall service will select the internal interface.
[in] Pointer to impersonator object that will be used for impersonating the session's user. This parameter can be NULL, in which case only the client IP address will be used when processing rules.
[out] Address of a parameter that receives a pointer to the IFWXSession interface on the newly created session.


A private session object allows a filter to use an application-level authentication scheme.

Private sessions may be needed in outbound and inbound scenarios.

Outbound scenario: Session objects are created automatically for Firewall service or SecureNAT client requests, but not when an application connects to an internal address of the ISA Server through an application filter. A filter that acts as an application-level proxy, may have to create a private session object by using the CreatePrivateSession method to have access to session-dependent functions.

Inbound Scenario: Inbound primary connections can be directed to a SecureNAT client by using the CreatePrivateSession or IFWXFirewall::GetNATSession method. Use IFWXFirewall::CreatePrivateSession when the inbound connection has been requested by an application, the SecureNAT client is not known by the Firewall service, and no session object has been created. Use IFWXFirewall::GetNATSession only if the filter can assert that the client is configured to be a SecureNAT client of that server.