AuthentiX Extensibility SDK

Authenticate

The Authenticate method is called by AuthentiX when the By COM option is set. Authenticate should return return 1 for success or an error code for authentication failure.

Visual C++ Syntax

short CAuthCOMCtrl::Authenticate( long FAR* verify,
BSTR FAR* username,
BSTR FAR* password,
BSTR FAR* ipAddress,
BSTR FAR* userAgent,
BSTR FAR* referrer,
BSTR FAR* scriptName,
BSTR FAR* bstrUserString,
BSTR FAR* bstrqueryString,
BSTR FAR* bstrReserved2,
long FAR* longReserved1,
long FAR* longReserved2);

Visual Basic Syntax

Public Function Authenticate( verifyArg As Long, _
username As String, _
password As String, _
ipAddress As String, _
userAgent As String, _
referrer As String, _
scriptName As String, _
UserString As String, _
bstrqueryString As String, _
bstrReserved2 As String, _
longReserved1 As Long, _
longReserved2 As Long) _
As Integer

Parameters

verify
Usually you can ignore this parameter unless you need it for keeping logs.
When using ODBC style username/password caching, you can specify how long before a user must be verified against the datasource, the default is 60 minutes.
The cache is inspected every minute, and users that have not been active for more than 10 minutes are removed from the cache. However if a user is active for an extended period of time, another lookup is forced to verify that the user is still valid.
To remove a username from the cache directly, use ODBCRemoveUserFromCache
The verify flag indicates whether this is the first login (value = 1) or a verify (value = 2).

username
The username the website visitor has supplied.
password
The password the website visitor has supplied.
ipAddress
The IP Address from which the visitor is making the request.
userAgent
The user agent (browser) the visitor is using,
referrer
The referring URL that brought the visitor to the requested page.
scriptName
The path of the file being requested.
bstrUserString
A string set in the COM Options dialog. You can use this to set a per-directory parameter of your choice.

bstrqueryString
The query string of the request, if any (5.4c and above). Return value: username (see longReserved2)
bstrReserved2
REQUEST_METHOD (5.5m and above). Return value: password (see longReserved2)
5.8d and above: if the checkbox is checked, then ALL_HTTP is appended to the Request Method.
longReserved1
Reserved. Use for concurrency limit logins return value;
longReserved2
Reserved. If 1 is returned, then the return value of bstrqueryString and bstrReserved2 are treated as the NT SAM username and password respectively. This login information is used to impersonate that user on each request (This is documented per a request for a custom upgrade, however since this upgrade was never commissioned, this functionality is not implemented. ).

Return Values

Return 1 for success
Return 3 if user not found
Return 6 if user found and wrong password
Return 9 if user found and expired

#define AUTHX_DENIED_EMPTY -2
#define AUTHX_DENIED_UNKNOWN_USER -3
#define AUTHX_DENIED_BAD_PASSWORD -6
#define AUTHX_DENIED_REFERRAL_BLOCK -4
#define AUTHX_DENIED_MULTI_BLOCKED -5
#define AUTHX_DENIED_EXPIRED -7
#define AUTHX_DENIED_ODBC_EXPIRED -9
#define AUTHX_DENIED_COOKIE_TIMED_OUT -10
#define AUTHX_DENIED_IP_BLOCK -11
#define AUTHX_DENIED_KBYTES -12
#define AUTHX_DENIED_REQUESTS -13
#define AUTHX_DENIED_SEQ_LOGINS -14
#define AUTHX_DENIED_FOOTPRINT -15
#define AUTHX_DENIED_DN_BLOCK -16
#define AUTHX_DENIED_UA_BLOCK -17
#define AUTHX_DENIED_DAP -18
#define AUTHX_DENIED_TIMED_OUT -19
If you return your own codes, please use the range 901-999.

Example

Example projects for VC++ and VB are included with the product in the installation directory.

Applies To

Back to Tutorial