These next few posts I’m going to discuss the changes between the original CustomAuth.cpp and the version I modified. I’m only going to talk about the changes I made and talk about 1-2 functions in each post. If a function is in the code but I don’t talk about it, then it wasn’t changed, is fairly simple, and can be figured out while looking at the code. Besides, Microsoft/people who wrote the code did a great job with comments.
HttpExtensionProc
This function is the entry point of the filter where all the commands are given. It is the entry point for IIS and decides what to do with each request.
First, the function checks to see if authentication has already taken place and passes the request along. It also grabs the url for use later on. Then it checks to see if it is a Logon or Logoff request and passes to request to each appropriate function for handling, ProcessLogon or ProcessLogoff. If we are using the built-in login page, then it checks for that and passes the request to the SendBuiltinLogonPage function where the login page will be returned.
Now, if nothing else has been done, then we check for the login cookie. If the cookie is found, then an attempt is made to log out the user from the server. If that was successful, then the credentials are pulled from the cookie with the GetUserInfoAndUpdateCookie function. The user is then logged into the server, the cookie and user information is cleared, and the request is passed along. If a cookie is found, the user is logged off of the server to make sure their credentials are correct.
After any processing, the request is then passed along for IIS to handle like any other request.
