The GetServerVariable function retrieves information about an HTTP connection or about IIS itself.
Some server variables, such as Request_Method and Content_Length are embedded in the EXTENSION_CONTROL_BLOCK structure. You can use GetServerVariable to obtain information about the request or server that is not included in the EXTENSION_CONTROL_BLOCK.
BOOL WINAPI GetServerVariable(
HCONN hConn,
LPSTR lpszVariableName,
LPVOID lpvBuffer,
LPDWORD lpdwSizeofBuffer
);
Variable | Description |
ALL_HTTP | Retrieves all HTTP headers that were received. These variables are of the form HTTP_header field name. The headers consist of a null-terminated string with the individual headers separated by line feeds. |
ALL_RAW | Retrieves all headers in raw form. The header names and values appear as they are sent by the client. Currently, this value is primarily used by proxy servers and other similar applications. |
APPL_MD_PATH | Retrieves the metabase path of the application for the ISAPI DLL or the script. |
APPL_PHYSICAL_PATH | Retrieves the physical path that corresponds with the metabase path. IIS maps the namespace to the physical directory path; this allows APPL_MD_PATH to return this value. This is a costly function (in run time) compared to getting just APPL_MD_PATH. |
AUTH_PASSWORD | Specifies the value entered in the client's authentication dialog. This variable is only available if Basic authentication is used. |
AUTH_TYPE | Specifies the type of authentication used. If the string is empty, then no authentication is used. Possible values are Kerberos, user, SSL/PCT, Basic, and integrated Windows authentication. |
AUTH_USER | Specifies the value entered in the client's authentication dialog box. |
CERT_COOKIE | Specifies a unique ID for a client certificate. Returned as a string. Can be used as a signature for the whole client certificate. |
CERT_FLAGS | If bit0 is set to 1, a client certificate is present. If bit1 is set to 1, the certification authority (CA) of the client certificate is invalid (that is, it is not on this server's list of recognized CAs). |
CERT_ISSUER | Specifies the issuer field of the client certificate. For example, the following codes might be O=MS, OU=IAS, CN=user name, C=USA, and so on. |
CERT_KEYSIZE | Specifies the number of bits in the Secure Sockets Layer (SSL) connection key size. |
CERT_SECRETKEYSIZE | Specifies the number of bits in the server certificate private key. |
CERT_SERIALNUMBER | Specifies the serial-number field of the client certificate. |
CERT_SERVER_ISSUER | Specifies the issuer field of the server certificate. |
CERT_SERVER_SUBJECT | Specifies the subject field of the server certificate. |
CERT_SUBJECT | Specifies the subject field of the client certificate. |
CONTENT_LENGTH | Specifies the number of bytes of data that the script or extension can expect to receive from the client. This total does not include headers. |
CONTENT_TYPE | Specifies the content type of the information supplied in the body of a POST request. |
LOGON_USER | The Windows account that the user is logged into. |
HTTPS | Returns on if the request came in through secure channel (with SSL encryption), or off if the request is for an unsecure channel. |
HTTPS_KEYSIZE | Specifies the number of bits in the SSL connection key size. |
HTTPS_SECRETKEYSIZE | Specifies the number of bits in server certificate private key. |
HTTPS_SERVER_ISSUER | Specifies the issuer field of the server certificate. |
HTTPS_SERVER_SUBJECT | Specifies the subject field of the server certificate. |
INSTANCE_ID | Specifies the ID for the server instance in textual format. If the instance ID is 1, it appears as a string. This value can be used to retrieve the ID of the Web-server instance, in the metabase, to which the request belongs. |
INSTANCE_META_PATH | Specifies the metabase path for the instance to which the request belongs. |
PATH_INFO | Specifies the additional path information, as given by the client. This consists of the trailing part of the URL after the script or ISAPI DLL name, but before the query string, if any. |
PATH_TRANSLATED | Specifies this is the value of PATH_INFO, but with any virtual path expanded into a directory specification. |
QUERY_STRING | Specifies the information that follows the first question mark in the URL that referenced this script. |
REMOTE_ADDR | Specifies the IP address of the client or agent of the client (for example gateway, proxy, or firewall) that sent the request. |
REMOTE_HOST | Specifies the host name of the client or agent of the client (for example, gateway, proxy or firewall) that sent the request if reverse DNS is enabled. Otherwise, this value is set to the IP address specified by REMOTE_ADDR. |
REMOTE_USER | Specifies the user name supplied by the client and authenticated by the server. This comes back as an empty string when the user is anonymous. |
REQUEST_METHOD | Specifies the HTTP request method verb. |
SCRIPT_NAME | Specifies the name of the script program being executed. |
SERVER_NAME | Specifies the server's host name, or IP address, as it should appear in self-referencing URLs. |
SERVER_PORT | Specifies the TCP/IP port on which the request was received. |
SERVER_PORT_SECURE | Specifies a string of either 0 or 1. If the request is being handled on the secure port, then this will be 1. Otherwise, it will be 0. |
SERVER_PROTOCOL | Specifies the name and version of the information retrieval protocol relating to this request. |
SERVER_SOFTWARE | Specifies the name and version of the Web server under which the ISAPI extension DLL program is running. |
URL | Specifies the base portion of the URL. Parameter values will not be included. The value is determined when IIS parses the URL from the header. |
If the function succeeds, the return value is TRUE. If the function fails, the return value is FALSE. The Win32® GetLastError function can be used to determine why the call failed. The following are the possible error values.
Value | Meaning |
ERROR_INVALID_PARAMETER | Bad connection handle, or invalid values, in either lpszVariableName or lpdwSizeOfBuffer. |
ERROR_INVALID_INDEX | Bad or unsupported variable identifier. |
ERROR_INSUFFICIENT_BUFFER | Buffer too small. The required buffer size is *lpdwSizeofBuffer. |
ERROR_NO_DATA | The data requested is not available. |
The GetServerVariable function copies information into a buffer supplied by the caller. The information can include CGI variables and information relating to an HTTP connection or to the server itself.
Note In respect to AUTH_TYPE, if the string is not empty it does not mean the user was authenticated (if the authentication scheme is not Basic or integrated Windows authentication). The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme.
The lpszVariableName can be used to retrieve a specific request (client) header by using the HTTP_headername value. For example, supplying the value HTTP_ACCEPT returns the Accept header, and HTTP_VERSION returns the Version header.
The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,).
If bit 1 of the Cert_Flags variable is set to 1, indicating that the certificate is invalid, IIS version 4.0 and later will reject the certificate. Earlier versions of IIS will not reject the certificate.
For more information on server variables see http://hoohoo.ncsa.uiuc.edu/cgi/env.html.