Microsoft Internet Security and Acceleration Server 2004 SDK

SetAuthenticatedUser

The SetAuthenticatedUser callback function is used by Web filters to set an authenticated non-Windows user. This allows associating authenticated user information with the current request.

The SetAuthenticatedUser callback function is declared as:

BOOL (WINAPI * SetAuthenticatedUser)(
  struct _HTTP_FILTER_CONTEXT* pfc,
  LPSTR lpszUserName,
  LPSTR lpszNameSpace,
  LPSTR lpszUserGroups
);

Parameters

pfc
Pointer to the HTTP_FILTER_CONTEXT data structure that is associated with the current, active HTTP session. The filter context is passed in this parameter.
lpszUserName
Pointer to a null-terminated string containing the user name.
lpszNameSpace
Pointer to a null-terminated string containing the namespace of the authentication scheme for the user, as specified in IFPCAuthenticationScheme.

Note: The server variables AUTH_USER, REMOTE_USER, and LOGON_USER (described in GetServerVariable) do not contain the namespace when using SetAuthenticatedUser. These variables contain only the user name. The AUTH_TYPE variable contains the name of the custom authentication scheme, which should have the same name as the namespace. The authentication scheme can also be retrieved from the Web listener. Note that there can only be one extensible authentication scheme.

lpszUserGroups
Pointer to a null-terminated string containing the user groups.

Return Values

Returns TRUE if the function succeeded, or FALSE if the function failed.

Remarks

Before passing a user of an authentication scheme, the filter should call GetAuthSchemeStatus to check whether the authentication scheme specified in the lpszNameSpace parameter is enabled.

Both the lpszUserName and lpszNameSpace parameters are required. If the string supplied in lpszNameSpace is longer than UNLEN characters, the function will fail. UNLEN is defined in Lmcons.h.

The lpszUserGroups parameter is optional. It enables the administrator to create a broader rule. For example, an administrator could set a rule for MyAuthScheme\MyAdministrators. Then the Web filter implementing MyAuthScheme could pass a specific user name, indicating that the user is a member of MyAdministrators, and the user will match the rule.

The string supplied in lpszUserGroups can be a comma-separated list of user groups.

Web filters call the SetAuthenticatedUser function through a pointer that is a member of the WPX_FILTER_AUTHENT_EX structure. A pointer to this structure is passed in each call to the HttpFilterProc entry-point function when the Web proxy sends an SF_NOTIFY_AUTHENTICATION notification. The Web proxy sends this notification, just before ISA Server authenticates a client, to the Web filters that are registered to receive it. If the fAuthIsRequired member of the WPX_FILTER_AUTHENT_EX structure is set to FALSE, the call to SetAuthenticatedUser succeeds, but the user specified is not set as an authenticated user, so a TRUE return value alone does not show that the user was set.
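The checks described in these Remarks can be collected into one pre-call routine. The following is an added example, not code from the SDK: set_custom_user, join_groups, PFN_SET_USER, mock_set_user, the result codes and the sample arrays are hypothetical names, and BOOL, LPSTR and the filter context are local stand-ins so the file builds without Wpxhttpfilt.h. Applying the UNLEN limit to the user name as well, rejecting commas inside a group name, and passing NULL to omit the optional groups are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>
#define UNLEN 256                 /* value defined in Lmcons.h */
typedef int BOOL;                 /* stand-ins so this builds without the SDK headers */
typedef char *LPSTR;
struct _HTTP_FILTER_CONTEXT;      /* opaque here */
/* Parameter list from this page; WINAPI omitted for portability. */
typedef BOOL (*PFN_SET_USER)(struct _HTTP_FILTER_CONTEXT *, LPSTR, LPSTR, LPSTR);
enum { SET_OK, SKIP_NOT_REQUIRED, SKIP_SCHEME_DISABLED, BAD_INPUT, CALL_FAILED };

/* Join names with commas. Empty names and names containing ',' are rejected
   so a single value cannot add a second group to the list. */
static int join_groups(const char *const *names, size_t n, char *out, size_t cap) {
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t len = names[i] ? strlen(names[i]) : 0;
        if (len == 0 || strchr(names[i], ',') || used + len + 2 > cap) return -1;
        if (i) out[used++] = ',';
        memcpy(out + used, names[i], len + 1);
        used += len;
    }
    return 0;
}

/* auth_required: fAuthIsRequired; scheme_enabled: outcome of the GetAuthSchemeStatus check. */
int set_custom_user(PFN_SET_USER set_user, struct _HTTP_FILTER_CONTEXT *pfc,
                    BOOL auth_required, BOOL scheme_enabled, const char *user,
                    const char *scheme, const char *const *groups, size_t n_groups) {
    char u[UNLEN + 1], ns[UNLEN + 1], g[1024];
    if (!auth_required) return SKIP_NOT_REQUIRED;   /* TRUE would not mean "user set" */
    if (!scheme_enabled) return SKIP_SCHEME_DISABLED;
    if (!user || !*user || !scheme || !*scheme) return BAD_INPUT;   /* both required */
    if (strlen(user) > UNLEN || strlen(scheme) > UNLEN) return BAD_INPUT;
    if (join_groups(groups, n_groups, g, sizeof g) != 0) return BAD_INPUT;
    strcpy(u, user); strcpy(ns, scheme);
    /* Assumption: NULL is how the optional groups argument is omitted. */
    return set_user(pfc, u, ns, n_groups ? g : NULL) ? SET_OK : CALL_FAILED;
}

char seen_groups[1024];           /* constructed stand-in for the server callback */
BOOL mock_set_user(struct _HTTP_FILTER_CONTEXT *pfc, LPSTR u, LPSTR ns, LPSTR grp) {
    (void)pfc; (void)u; (void)ns;
    strcpy(seen_groups, grp ? grp : "");
    return 1;
}
const char *const SAMPLE_GROUPS[] = {"MyAdministrators", "Staff"};   /* constructed */
const char *const SAMPLE_BAD[] = {"Staff,MyAdministrators"};         /* constructed */
```

In a real filter the first argument would be the SetAuthenticatedUser pointer taken from the WPX_FILTER_AUTHENT_EX structure, and auth_required would come from its fAuthIsRequired member.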

Requirements

Server: Requires Windows Server 2003 or Windows 2000.
Version: Requires Internet Security and Acceleration Server 2004.
Header: Declared in Wpxhttpfilt.h.

See Also

Callback Functions