Processing User Requests in Custom Authentication Mode

When you enable Custom Authentication, AuthFilter performs the following steps after being notified that an SF_NOTIFY_PREPROC_HEADERS event has occurred:

  1. It checks for site configuration properties in the local site cache and, if not found, reads the site configuration properties from the Administration database using a SiteConfig object and stores them in the site cache.
  2. It detects whether the requested URL is correct, and automatically corrects for case sensitivity in the URL.
  3. It checks for session-cookie support, and, if unavailable, redirects the user to the Active Server Pages (ASP) page specified in the No-Cookie form property in the CS Authentication resource. Usually this page notifies the user that cookies are required and that the user should resubmit the request once cookies are enabled.
  4. It checks whether the cookie contains an MSCSAuth ticket, and if it does not, it redirects the user to a login page.
  5. If the cookie contains an MSCSAuth ticket, it checks the current time against the last login time on the ticket to see if it is within the time window specified in the ticket.
  6. If the current time is past the time window specified in the ticket, the user is redirected to the login page as a non-validated user.
  7. If the current time is within the time window, the ticket is considered valid, and the user is sent to the requested page as a validated user. If the current time is within five minutes of the last login time plus the time window, the last login time on the ticket is changed to the current time so an active user can continue to browse.

See Also

Processing User Requests in Windows Authentication Mode

Enabling Custom Authentication

Authentication Features

Copyright © 2005 Microsoft Corporation.
All rights reserved.