Case 2: Send the Requested URL

In this case, cookies are enabled. The requested URL is returned to the user in either of these scenarios:

• The returned cookie contains a valid MSCSAuth ticket and the user has access rights to the requested URL, or

• The returned cookie does not contain an MSCSAuth ticket but the requested URL has anonymous access rights.

To accomplish this, the AuthFilter performs the following steps in the background after being notified by IIS that an SF_NOTIFY_PREPROC_HEADERS event has occurred:

1. Checks for site configuration properties in the local site cache and, if not found, reads the site configuration properties from the Administration database using a SiteConfig object.

2. Sends a cookie with an MSCSFirstRequestedURL property set to the originally requested URL.

3. If the returned cookie does not contain an MSCSAuth ticket, processing is returned to IIS.

4. If the requested URL has anonymous access rights, the URL is returned.

5. If the cookie contains an MSCSAuth ticket, the AuthFilter checks the local password cache for an entry matching the user ID contained in the cookie.

6. On finding a matching entry, the AuthFilter checks the current time against the last login time set on the ticket to see if it is within the time window specified in the ticket. If the current time is within five minutes of the last login time plus the time window, the last login time on the ticket is changed to the current time so an active user can remain browsing.

7. Since the current time is within the time window, the ticket is considered valid, and the user ID and password are submitted to IIS for access to the requested URL.

8. Since the user has access rights to the requested URL, IIS returns the page.

See Also

URL Request Outcomes

Case 1: Redirect to a Support Page

Case 3: Redirect to a Login Page

All rights reserved.