SetAuthenticatedUser callback function
Applies to: desktop apps only
The SetAuthenticatedUser callback function is used by Web filters to set an authenticated non-Windows user. This allows associating information about an authenticated user with the current request.
The SetAuthenticatedUser callback function is declared as:
Syntax
BOOL WINAPI SetAuthenticatedUser(
_In_ struct _HTTP_FILTER_CONTEXT *pfc,
_In_ LPSTR lpszUserName ,
_In_ LPSTR lpszNameSpace ,
_In_ LPSTR lpszUserGroups
);
Parameters
pfc [in]
Pointer to the HTTP_FILTER_CONTEXT data structure that is associated with the current, active HTTP session. The filter context is passed in this parameter.lpszUserName [in]
Pointer to a null-terminated string containing the user name.lpszNameSpace [in]
Pointer to a null-terminated string containing the namespace of the authentication scheme for the user, as specified in IFPCAuthenticationScheme.Note The server variables AUTH_USER, REMOTE_USER, LOGON_USER (described in GetServerVariable) do not contain the namespace when using SetAuthenticatedUser. These variables contain only the user name. The AUTH_TYPE variable contains the name of the custom authentication scheme, which should have the same name as the namespace. The authentication scheme can also be retrieved from the Web listener. Note that there can only be one extensible authentication scheme.
lpszUserGroups [in]
Pointer to a null-terminated string containing the user groups.
Return value
This callback function returns TRUE if the call is successful; otherwise, it returns FALSE. To obtain extended error information, call GetLastError.
Remarks
The filter should check whether the authentication scheme specified in the lpszNameSpace parameter is enabled by calling GetAuthSchemeStatus, before passing a user of this authentication scheme.
Both the lpszUserName and lpszNameSpace parameters are required. If the string supplied in lpszNameSpace is longer than UNLEN characters, the function will fail. UNLEN is defined in Lmcons.h.
The lpszUserGroups parameter is optional. It enables the administrator to create a broader rule. For example, an administrator could set a rule for MyAuthScheme\MyAdministrators. Then the Web filter implementing MyAuthScheme could pass a specific user name, indicating that the user is a member of MyAdministrators, and the user will match the rule.
The string supplied in lpszUserGroups can be a comma-separated list of user groups.
Web filters call the SetAuthenticatedUser function through a pointer that is a member of the WPX_FILTER_AUTHENT_EX structure. A pointer to this structure is passed in each call to the HttpFilterProc entry-point function when the Web proxy sends an SF_NOTIFY_AUTHENTICATION notification to the Web filters that are registered to receive this notification just before Forefront TMG authenticates a client. If the fAuthIsRequired member of the WPX_FILTER_AUTHENT_EX structure is set to FALSE, the call to SetAuthenticatedUser succeeds, but the user specified is not set as an authenticated user.
Requirements
Minimum supported client |
None supported |
Minimum supported server |
Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only) |
Version |
Forefront Threat Management Gateway (TMG) 2010 |
Header |
Wpxhttpfilt.h |
See also
Build date: 7/12/2010