AuthFilter and IIS Event Notifications

The information in this topic is provided for system administrators and site developers. It is important to know the events to which AuthFilter subscribes, for the following reasons:

  • You have configured IIS to run other ISAPI filters, and you want to ensure that the other filters are compatible with AuthFilter.
  • You want to write your own authentication filter to work in conjunction with AuthFilter.

AuthFilter monitors both incoming and outgoing streams of data. It registers with Internet Information Services (IIS) for notification of the following events:

  • SF_NOTIFY_ORDER_LOW. Loads AuthFilter at low priority so that authentication occurs at the end of the list of filters. This means that if other ISAPI filters are running in IIS, they will process requests before AuthFilter does. If you have ISAPI filters from other applications, or your own custom ISAPI filters, you can configure them at a higher priority if you want them to process requests before AuthFilter does.
  • SF_NOTIFY_SECURE_PORT / SF_NOTIFY_NONSECURE_PORT. AuthFilter supports secure/non-secure requests based on the event.
  • SF_NOTIFY_PREPROC_HEADERS. An event that occurs once for each page request, signaling that the server has finished preprocessing the header and is about to begin processing the information inside the header. It is at this point that AuthFilter checks cookies.
  • SF_NOTIFY_URL_MAP. Used for mapping the URL to a physical path, correcting the URL, if required, for case-sensitive virtual directory roots. Also used to retrieve CS Authentication resource properties.
  • SF_NOTIFY_AUTHENTICATION. A notification that is sent just before IIS attempts to authenticate the user. It is at this point that AuthFilter retrieves and sets the user ID and password.
  • SF_NOTIFY_ACCESS_DENIED. Access denied. AuthFilter redirects to a login page or error page as required.
  • SF_NOTIFY_SEND_RESPONSE. Used to read proxy account information from the redirect (302) query string and store it in the cache. Also used to format a custom redirect header and body containing the first requested URL.
  • SF_NOTIFY_SEND_RAW_DATA. Used to filter out the original redirect request while performing a custom redirect.
  • SF_NOTIFY_END_OF_REQUEST. End of a particular request. AuthFilter writes the custom redirect message back to the client.
  • SF_NOTIFY_AUTH_COMPLETE. Used for Outlook Web Access (OWA) integration.
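
For the compatibility check mentioned at the start of this topic, the following C example (added here; it is not Commerce Server or AuthFilter code) compares another filter's registration flags with the events listed above. The flag values are those of the Windows SDK header httpfilt.h; the helper function names and the sample filter are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Flag values as defined in httpfilt.h (Windows SDK), repeated so this builds anywhere. */
#define SF_NOTIFY_SECURE_PORT     0x00000001u
#define SF_NOTIFY_NONSECURE_PORT  0x00000002u
#define SF_NOTIFY_SEND_RESPONSE   0x00000040u
#define SF_NOTIFY_END_OF_REQUEST  0x00000080u
#define SF_NOTIFY_SEND_RAW_DATA   0x00000400u
#define SF_NOTIFY_ACCESS_DENIED   0x00000800u
#define SF_NOTIFY_URL_MAP         0x00001000u
#define SF_NOTIFY_AUTHENTICATION  0x00002000u
#define SF_NOTIFY_PREPROC_HEADERS 0x00004000u
#define SF_NOTIFY_ORDER_LOW       0x00020000u
#define SF_NOTIFY_ORDER_MEDIUM    0x00040000u
#define SF_NOTIFY_ORDER_HIGH      0x00080000u
#define SF_NOTIFY_AUTH_COMPLETE   0x04000000u
/* AuthFilter's registration, assembled from the list on this page. */
#define AUTHFILTER_FLAGS (SF_NOTIFY_ORDER_LOW | SF_NOTIFY_SECURE_PORT | \
    SF_NOTIFY_NONSECURE_PORT | SF_NOTIFY_PREPROC_HEADERS | SF_NOTIFY_URL_MAP | \
    SF_NOTIFY_AUTHENTICATION | SF_NOTIFY_ACCESS_DENIED | SF_NOTIFY_SEND_RESPONSE | \
    SF_NOTIFY_SEND_RAW_DATA | SF_NOTIFY_END_OF_REQUEST | SF_NOTIFY_AUTH_COMPLETE)
#define NON_EVENT_BITS (SF_NOTIFY_ORDER_LOW | SF_NOTIFY_ORDER_MEDIUM | \
    SF_NOTIFY_ORDER_HIGH | SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT)
/* Events the page ties to AuthFilter's custom redirect. */
#define REDIRECT_EVENTS (SF_NOTIFY_SEND_RESPONSE | SF_NOTIFY_SEND_RAW_DATA | \
    SF_NOTIFY_END_OF_REQUEST)

/* 3 = high, 2 = medium, 1 = low (also the default when no order bit is set). */
static int priority_rank(uint32_t f) {
    return (f & SF_NOTIFY_ORDER_HIGH) ? 3 : (f & SF_NOTIFY_ORDER_MEDIUM) ? 2 : 1;
}
/* Events that both the other filter and AuthFilter are notified of. */
uint32_t shared_events(uint32_t other) { return other & AUTHFILTER_FLAGS & ~NON_EVENT_BITS; }
/* > 0: notified before AuthFilter; 0: same priority, IIS filter load order decides. */
int priority_over_authfilter(uint32_t other) {
    return priority_rank(other) - priority_rank(AUTHFILTER_FLAGS);
}
/* Nonzero if the other filter also handles a redirect-related event. */
int shares_redirect_events(uint32_t other) {
    return (shared_events(other) & REDIRECT_EVENTS) != 0;
}

int main(void) {
    /* Constructed sample: dwFlags of a hypothetical header-rewriting filter. */
    uint32_t f = SF_NOTIFY_ORDER_HIGH | SF_NOTIFY_PREPROC_HEADERS | SF_NOTIFY_SEND_RAW_DATA;
    printf("shared=0x%08x priority=%+d redirect=%d\n", (unsigned)shared_events(f),
           priority_over_authfilter(f), shares_redirect_events(f));
    return 0;
}
```

A filter that shares redirect-related events and runs at a higher priority than AuthFilter is the combination to test first, because it sees the response data before AuthFilter performs its custom redirect.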

Copyright © 2005 Microsoft Corporation.
All rights reserved.