Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Determines which resources the specified connection is authorized to connect to.
Remote Desktop Gateway (RD Gateway) calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.
Syntax
HRESULT AuthorizeResource(
[in] GUID mainSessionId,
[in] int subSessionId,
[in] BSTR username,
[in] BSTR *resourceNames,
[in] ULONG numResources,
[in] BSTR *alternateResourceNames,
[in] ULONG numAlternateResourceName,
[in] ULONG portNumber,
[in] BSTR operation,
[in] BYTE *cookie,
[in] ULONG numBytesInCookie,
[in] ITSGAuthorizeResourceSink *pSink
);
Parameters
[in] mainSessionId
A unique identifier assigned to the connection request by RD Gateway.
[in] subSessionId
A unique identifier assigned to the subsession by RD Gateway. A subsession is a session launched from another session.
[in] username
The user name.
[in] resourceNames
A list of resources to authorize.
[in] numResources
The number of resources referenced by the resourceNames parameter.
[in] alternateResourceNames
A pointer to a BSTR that contains a list of alternate resource names. This parameter is only valid when RD Connection Broker is in use.
[in] numAlternateResourceName
The number of alternate resource names referenced by the alternateResourceNames parameter.
[in] portNumber
The port number specified by the user.
[in] operation
The operation that the user is attempting on the resource. This parameter is always set to "RDP".
[in] cookie
A pointer to a BYTE that contains the cookie provided by the user. If the user did not authenticate by using a cookie, this parameter is NULL.
[in] numBytesInCookie
The number of bytes referenced by the cookie parameter.
[in] pSink
A pointer to an ITSGAuthorizeResourceSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.
Return value
If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
Remarks
If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeResourceSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.
If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.
For a sample that uses the AuthorizeResource method, see the Remote Desktop Gateway Pluggable Authentication and Authorization sample.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 |
| Minimum supported server | Windows Server 2008 R2 |
| Target Platform | Windows |
| Header | tsgpolicyengine.h |