IIS includes a pointer to this structure when a user is presented with an Access Denied error message. If your filter should be notified for this event, it should register for the SF_NOTIFY_ACCESS_DENIED event.
typedef struct _HTTP_FILTER_ACCESS_DENIED {
const CHAR * pszURL;
const CHAR * pszPhysicalPath;
DWORD dwReason;
} HTTP_FILTER_ACCESS_DENIED, *PHTTP_FILTER_ACCESS_DENIED;
| Value | Meaning |
| SF_DENIED_LOGON | The client could not be logged on. |
| SF_DENIED_RESOURCE | The resource was denied by a Windows DACL. |
| SF_DENIED_FILTER | An ISAPI filter denied the request. |
| SF_DENIED_APPLICATION | An ISAPI extension or CGI application denied the request. |
| SF_DENIED_BY_CONFIG | The server configuration denied the request. For example, disabling anonymous requests on the server would generate this filter notification when a user without credentials tried to make a request to the server. |
This structure indicates that access to the requested resource has been denied by the server. The structure is generated when there has been a logon failure, or if a user requests a resource that has an associated discretionary access control list that does not include the logged-on user.
The server will automatically include the supported authentication schemes when an ISAPI extension, filter, or CGI script returns a 401 Access Denied error code.