The SetAuthenticatedUser callback function is used by Web filters to set an authenticated non-Windows user. This allows associating information about an authenticated user with the current request.
The SetAuthenticatedUser callback function is declared as:
BOOL WINAPI * SetAuthenticatedUser( __in struct _HTTP_FILTER_CONTEXT* pfc, __in LPSTR lpszUserName , __in LPSTR lpszNameSpace , __in LPSTR lpszUserGroups );
Pointer to the HTTP_FILTER_CONTEXT data structure that is associated with the current, active HTTP session. The filter context is passed in this parameter.
Pointer to a null-terminated string containing the user name.
Pointer to a null-terminated string containing the namespace of the authentication scheme for the user, as specified in IFPCAuthenticationScheme.
Note The server variables AUTH_USER, REMOTE_USER, LOGON_USER (described in GetServerVariable) do not contain the namespace when using SetAuthenticatedUser. These variables contain only the user name. The AUTH_TYPE variable contains the name of the custom authentication scheme, which should have the same name as the namespace. The authentication scheme can also be retrieved from the Web listener. Note that there can only be one extensible authentication scheme.
Pointer to a null-terminated string containing the user groups.
This callback function returns TRUE if the call is successful; otherwise, it returns FALSE. To obtain extended error information, call GetLastError.
The filter should check whether the authentication scheme specified in the lpszNameSpace parameter is enabled by calling GetAuthSchemeStatus, before passing a user of this authentication scheme.
Both the lpszUserName and lpszNameSpace parameters are required. If the string supplied in lpszNameSpace is longer than UNLEN characters, the function will fail. UNLEN is defined in Lmcons.h.
The lpszUserGroups parameter is optional. It enables the administrator to create a broader rule. For example, an administrator could set a rule for MyAuthScheme\MyAdministrators. Then the Web filter implementing MyAuthScheme could pass a specific user name, indicating that the user is a member of MyAdministrators, and the user will match the rule.
The string supplied in lpszUserGroups can be a comma-separated list of user groups.
Web filters call the SetAuthenticatedUser function through a pointer that is a member of the WPX_FILTER_AUTHENT_EX structure. A pointer to this structure is passed in each call to the HttpFilterProc entry-point function when the Web proxy sends an SF_NOTIFY_AUTHENTICATION notification to the Web filters that are registered to receive this notification just before Forefront TMG authenticates a client. If the fAuthIsRequired member of the WPX_FILTER_AUTHENT_EX structure is set to FALSE, the call to SetAuthenticatedUser succeeds, but the user specified is not set as an authenticated user.
Server | Requires Windows Server 2008. |
---|---|
Version | Requires Forefront Threat Management Gateway (TMG). |
Header |
Declared in Wpxhttpfilt.h. |
DLL |
Requires W3Filter.dll. |
Send comments about this topic to Microsoft
Build date: 11/30/2009
© 2008 Microsoft Corporation. All rights reserved.