ISA Web Filter AUTH_USER issue

ISA Web Filter AUTH_USER issue (Full Version)

All Forums >> [ISA 2006 Misc.] >> ISA 2006 Programming

Message

m_kk -> ISA Web Filter AUTH_USER issue (2.Jul.2008 10:52:17 AM)
Hello, I am not sure if this is an issue with my web filter or the ISA 2006 server. The function of the ISA webfilter is to intercept the http traffic and pass it to another server for decision making. I use pfc->GetServerVariable(pfc, "AUTH_USER", username, &dwSize) function to get the user name of the user who requested the url. Interestingly when the user browses to a site and hits refresh (every 30 secs) on the browser the first request does not have a user name but the rest do have the user name. Any one have encountered similar issue? Thanks in advance for any help.

ferrix -> RE: ISA Web Filter AUTH_USER issue (2.Jul.2008 1:46:57 PM)
Which event are you using? If it's anything earlier than SF_NOTIFY_AUTH_COMPLETE, then the AUTH_USER value is not going to be set yet.

m_kk -> RE: ISA Web Filter AUTH_USER issue (7.Jul.2008 4:38:07 PM)
Great, I was listening to SF_NOTIFY_PREPROC_HEADERS. Thanks for the information. I used the SF_NOTIFY_AUTH_COMPLETE notification, but it would not read the OnAuthComplete function anymore. I used the debug view to view the out put, the filter is terminating immediately after registering the events and this is the error shown on the debugger "CDynamicStorageWrapper<T>::ReloadConfiguration: T::CreateRefInstance() failed. hRc=80070057". I have no clue whats happening. I am new to this filter programming. So any help will be apprectiated. Thank you.

ferrix -> RE: ISA Web Filter AUTH_USER issue (7.Jul.2008 7:40:18 PM)
It sounds like you're pretty far along, but you may find this helpful: http://www.collectivesoftware.com/Products/IsaScript Why bother with doing it the hard way :)

ferrix -> RE: ISA Web Filter AUTH_USER issue (7.Jul.2008 7:55:40 PM)
a note from the sdk: Note The SF_NOTIFY_ORDER_DEFAULT, SF_NOTIFY_ORDER_LOW, SF_NOTIFY_ORDER_MEDIUM, and SF_NOTIFY_ORDER_HIGH flags should not be included in this parameter.

m_kk -> RE: ISA Web Filter AUTH_USER issue (8.Jul.2008 11:20:11 AM)
Thanks for the update. It good to know something like isascript exists building a webfilter is indeed time consuming. But for now unfortunately i cannot use it since the filter is already build and also it quite pricey to be honest I removed the SF_NOTIFY_ORDER_HIGH flag. But still is terminating after the first entry point function. I feel its a configuration issue on the ISA side. Any settings on ISA side are required so that it would send the SF_NOTIFY_AUTH_COMPLETE notification?. I already checked in the "Required authentication" (integrated) for the Internal web proxy clients. Thanks for all the help.

ferrix -> RE: ISA Web Filter AUTH_USER issue (8.Jul.2008 11:29:55 AM)
Pricey compared to all the time you will spend debugging? ;) It's free to evaluate for 30 days. But hey I understand not everyone can afford it. It's a very sophisticated filter so it does not come cheap.

m_kk -> RE: ISA Web Filter AUTH_USER issue (8.Jul.2008 11:42:38 AM)
quote: ORIGINAL: ferrix Pricey compared to all the time you will spend debugging? Well thats exactly what I am thinking. I was hoping for something like it, but i don't think i could convince my boos for that. The filter is a basic one too. So does the ISA server send the notification by default configuration or have to check some boxes for it to send the SF_NOTIFY_AUTH_COMPLETE notification. again thank you for all the help.

ferrix -> RE: ISA Web Filter AUTH_USER issue (8.Jul.2008 11:45:07 AM)
No there's nothing you have to configure in the interface. It's all programmatic. I bet your boss is paying you more $ for all your work than it would cost for the filter. But for you that is a benefit! :) Good luck.

m_kk -> RE: ISA Web Filter AUTH_USER issue (8.Jul.2008 12:08:48 PM)
Thanks again at least I know its in the program. quote: ORIGINAL: ferrix I bet your boss is paying you more $ for all your work than it would cost for the filter. But for you that is a benefit! :) Good luck. Thats true 5% of my job is secure

Page: [1]