Custom Authentication ISAPI Filter on CE 3.0
tcaminus-ola_at_yahoo.com
Date: 12/14/04
Date: 13 Dec 2004 18:01:18 -0800
This is a rather bizarre problem (in my opinion) and will take a bit of
explaining, so please bear with me...

I have implemented an ISAPI filter that performs custom authentication
by handling the SF_NOTIFY_AUTHENTICATION event. All works well as far
as authentication goes. The problem comes in when trying to get the
current authenticated user name in an ISAPI Extension (NOT the filter),
using GetServerVariable to return AUTH_USER. All the pages on the site
are written as ISAPI extensions, and in several cases I need to know
the security level of the logged in user, as different options will be
rendered based on their security level. The first time a page is
accessed, it works fine. But, if the user presses Refresh on the
browser, GetServerVariable returns an empty value for AUTH_USER. I
should also point out that this problem only manifests itself when the
web page includes at least one other resource, such as an image or .css
file.

I have monitored the communication with a network analyzer, and have
put trace statements in my auth filter so I can see what events are
being called. I can see what is happening, I just don't know why. On
the initial page request, the authentication event is called for both
the ISAPI dll, and the header image (just a normal .gif that is
displayed at the top of the page). The sniffer shows this as two
separate TCP sessions. So far, so good... But when I refresh the page,
I lose the authenticated user (at least, when trying to access it via
the AUTH_USER server variable). The authentication event is ONLY called
for the image, and not the ISAPI dll. At this point, I cannot determine
who the authenticated user is. Again looking at the network capture, I
see a difference. This time, BOTH the ISAPI dll and image GET requests
are within the same TCP session. By the way, the "Authorization:
Basic..." information IS in the header of BOTH GET requests, but the
GET of the image occurs first, and that is the only resource for which
the authentication notification is triggered. It seems that if the
filter doesn't get called for the ISAPI dll (the actual "page"), I'm
not able to determine the user name, as the AUTH_USER server variable
is empty in this case. (I have also tried REMOTE_USER, but with the
same results).

Please note that my web application is running on the Windows CE 3.0
web server, which implements a subset of the HTTP/1.0 protocol, and has
a limited API. I am NOT using the Basic Authentication feature in the
web server, as the users logging in are not "Windows users". I'm trying
to manage everything through the custom authentication filter. I hope
someone can help as this problem has been driving me crazy for nearly
two weeks.

Thanks,
Tony
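
The post notes that the "Authorization: Basic..." header is present on both GET requests even when the authentication notification is not raised. As an added example (not part of the original post, and not code from the CE web server), the C helper below recovers the user name from such a header value. The function name and the sample credentials are hypothetical, and how an extension would obtain the raw header on the CE 3.0 web server is an assumption that is not shown here.

```c
#include <ctype.h>
#include <stddef.h>

/* Map one base64 character to its 6-bit value, or -1 if it is not valid. */
static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/*
 * basic_auth_user (hypothetical helper): copy the user name out of an
 * Authorization header value such as "Basic dG9ueTpzZWNyZXQ=" (constructed
 * sample, "tony:secret"). Returns 0 on success; -1 if the scheme is not
 * Basic, the base64 is malformed, no ':' is present, the name is empty, or
 * it does not fit in user[]. The name is only a claim until the password
 * that follows the ':' has been verified by the caller.
 */
int basic_auth_user(const char *hdr, char *user, size_t user_len)
{
    static const char scheme[] = "basic";
    unsigned long acc = 0;
    int bits = 0, v;
    size_t i, n = 0;

    if (!hdr || !user || user_len == 0) return -1;
    for (i = 0; i < 5; i++)            /* scheme name is case-insensitive */
        if (tolower((unsigned char)hdr[i]) != scheme[i]) return -1;
    if (hdr[5] != ' ') return -1;
    for (hdr += 5; *hdr == ' '; hdr++) /* skip separator spaces */
        ;
    for (; *hdr && *hdr != '='; hdr++) {
        if ((v = b64_val((unsigned char)*hdr)) < 0) return -1;
        acc = ((acc << 6) | (unsigned long)v) & 0xFFFF;
        bits += 6;
        if (bits >= 8) {               /* a whole decoded byte is ready */
            char c;
            bits -= 8;
            c = (char)((acc >> bits) & 0xFF);
            if (c == ':') { user[n] = '\0'; return n ? 0 : -1; }
            if (c == '\0' || n + 1 >= user_len) return -1;
            user[n++] = c;
        }
    }
    return -1;                         /* ran out of input before the ':' */
}
```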