ITSGPolicyEngine::AuthorizeConnection method (tsgpolicyengine.h)

  • Article

Determines whether the specified connection is authorized to connect to Remote Desktop Gateway (RD Gateway).

RD Gateway calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.

Syntax

HRESULT AuthorizeConnection(
  [in] GUID                        mainSessionId,
  [in] BSTR                        username,
  [in] AAAuthSchemes               authType,
  [in] BSTR                        clientMachineIP,
  [in] BSTR                        clientMachineName,
  [in] BYTE                        *sohData,
  [in] ULONG                       numSOHBytes,
  [in] BYTE                        *cookieData,
  [in] ULONG                       numCookieBytes,
  [in] HANDLE_PTR                  userToken,
  [in] ITSGAuthorizeConnectionSink *pSink
);

Parameters

[in] mainSessionId

A unique identifier assigned to the connection request by RD Gateway.

[in] username

The user name.

[in] authType

A value of the AAAuthSchemes enumeration type that specifies the type of authentication used to connect to RD Gateway.

[in] clientMachineIP

The IP address of the user's computer.

[in] clientMachineName

The name of the user's computer.

[in] sohData

A pointer to a BYTE that contains the statement of health (SoH) provided by the user's computer. If the authorization plug-in does not require a statement of health, this parameter is NULL. For more information, see the IsQuarantineEnabled method.

[in] numSOHBytes

The number of bytes referenced by the sohData parameter.

[in] cookieData

A pointer to a BYTE that contains the cookie provided by the user. If the authType parameter is not set to AA_AUTH_COOKIE, this parameter is NULL.

[in] numCookieBytes

The number of bytes referenced by the cookieData parameter.

[in] userToken

A pointer to a HANDLE that specifies the user token of the user. If the user is not running Windows, this parameter is NULL.

[in] pSink

A pointer to an ITSGAuthorizeConnectionSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.

Return value

If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Remarks

If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeConnectionSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.

If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.

For a sample that uses the AuthorizeConnection method, see the Remote Desktop Gateway Pluggable Authentication and Authorization sample.

Requirements

Requirement Value
Minimum supported client Windows 7
Minimum supported server Windows Server 2008 R2
Target Platform Windows
Header tsgpolicyengine.h

See also

ITSGAuthorizeConnectionSink

ITSGPolicyEngine

IsQuarantineEnabled