IIS includes a pointer to this structure when it is authenticating a user with either anonymous or Basic authentication schemes. If your filter should be notified for this event, it should register for the SF_NOTIFY_AUTHENTICATION event.
typedef struct _HTTP_FILTER_AUTHENT
{
CHAR * pszUser;
DWORD cbUserBuff;
CHAR * pszPassword;
DWORD cbPasswordBuff;
} HTTP_FILTER_AUTHENT, *PHTTP_FILTER_AUTHENT;
When the server is about to authenticate the client, this structure is pointed to by the pvNotification parameter in the HttpFilterProc function when the notificationType parameter is SF_NOTIFY_AUTHENTICATION. This can be used to implement a different authentication scheme. The pszUser and pszPassword members contain the information sent by the client. After exiting this function, these values must represent a valid Windows NTŪ user account and password. IIS will then impersonate this account in order to gain access to resources. If the authentication method used is NTLM the password value will not be available.