If the the client session could be authenticated, the
return value is non-zero. If the client ID does not
specify a valid client session, or the client has already been
authenticated, this method will return zero.
The HttpAuthenticateClient method is used to authenticate a
specific client session, typically in response to an OnAuthenticate event
that indicates a client has provided authentication credentials as
part of the request for a document or other resource.
To enable the server to automatically authenticate a client
session, use the AddVirtualUser method to add one or more
virtual users. The server will search the list of virtual users for a
match to the credentials provided by the client and will set the
appropriate permissions for the session without requiring a event
handler to manually authenticate the session using this method.
If the server was started with the HTTP_SERVER_LOCALUSER option and
the client session is not authenticated using this method, the
server will attempt to authenticate the client session using the local
Windows user database. Although this option can be convenient because
it does not require the implementation of an event handler for the
OnAuthenticate event, it can be used by clients to attempt to
discover valid usernames and passwords for the local system. It is
recommended that you use the AddVirtualUser method to
create virtual users rather than using the local user database.
It is recommended that most applications specify HTTP_ACCESS_DEFAULT
as the dwUserAccess value for a client session, since this allows
the server automatically grant the appropriate access based on the server
configuration options.