Code to Set a Custom Property on a Ticket

This example shows how to set a custom property named guid, which holds a globally unique identifier (GUID) string on an MSCSAuth ticket. The technique is also valid for an MSCSProfile ticket and other custom properties. Setting this property is used to thwart a distributed denial of service (DDOS) attack when using the AuthFilter ISAPI filter in Windows Authentication mode. For more information about DDOS, see AuthFilter and DDoS Attacks.

  1. Create the GenID object.

    Dim oGenID
    Set oGenID = Server.CreateObject("Commerce.GenID")
    
  2. Create the GUID string.

    Dim sGUID
    sGUID = oGenID.GenGUIDString()
    
  3. Using the AuthManager object, oAuthManager, created and initialized in Code to Create and Initialize AuthManager, place the guid property on the previously set MSCSAuth ticket. To place the property on an MSCSProfile ticket, replace the enumMSCS_AuthTicketType parameter with enumMSCS_ProfileTicketType.

    oAuthManager.SetProperty enumMSCS_AuthTicketType, "guid", sGUID
    
  4. Append the guid property to the URL string as a custom property and redirect the user to the originally requested URL. This step is not required for custom properties in general and is provided for completeness in the DDOS example.

    Dim sReturn
    sReturn = Request.Cookies("MSCSFirstRequestedURL") & "guid=" & sGUID
    Response.Redirect sReturn
    
  5. Release the objects.

    Set oGenID = Nothing
    Set oAuthManager = Nothing
    

Copyright © 2005 Microsoft Corporation.
All rights reserved.