Demonstrates the server variables that are affected by the user and the security settings used on the page, shows how to require authentication by returning a 401 (Unauthorized) status code if the LOGON_USER server variable is empty, and shows how to get the impersonation token for the client.
The request handler gets the value of the LOGON_USER server variable and checks its length. If the length is zero, the request handler returns HTTP_UNAUTHORIZED as the code. As long as one of the Authenticated access methods is enabled for the document, the browser will allow users to authenticate themselves; otherwise users will just see that access has been denied.
When authentication occurs, the page displays the following server variables:
The request handler also gets the impersonation token for the user by calling IHttpServerContext::GetImpersonationToken.