IIS includes a pointer to this structure when it is authenticating a user with either anonymous or Basic authentication schemes. If your filter should be notified for this event, it should register for the SF_NOTIFY_AUTHENTICATION event.

      CHAR * pszUser;
      DWORD cbUserBuff;
      CHAR * pszPassword;
      DWORD cbPasswordBuff;


  • pszUser
    Points to a string containing the user name for this request. An empty string indicates an anonymous user.

  • cbUserBuff
    The size of the buffer pointed to by pszUser. This is guaranteed to be at least SF_MAX_USERNAME.

  • pszPassword
    Points to a string containing the password for this request.

  • cbPasswordBuff
    The size of the buffer pointed to by pszPassword. This is guaranteed to be at least SF_MAX_PASSWORD.


When the server is about to authenticate the client, this structure is pointed to by the pvNotification parameter in the HttpFilterProc function when the notificationType parameter is SF_NOTIFY_AUTHENTICATION. The pszUser and pszPassword members contain the information sent by the client. After exiting this function, these values must represent a valid Windows user account and password. IIS will then impersonate this account in order to gain access to resources. If the authentication method used is integrated Windows authentication, the password value will not be available.


Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

Header: Declared in httpfilt.h.

See Also