Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Determines whether the specified connection is authorized to connect to Remote Desktop Gateway (RD Gateway).
RD Gateway calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.
Syntax
HRESULT AuthorizeConnection(
[in] GUID mainSessionId,
[in] BSTR username,
[in] AAAuthSchemes authType,
[in] BSTR clientMachineIP,
[in] BSTR clientMachineName,
[in] BYTE *sohData,
[in] ULONG numSOHBytes,
[in] BYTE *cookieData,
[in] ULONG numCookieBytes,
[in] HANDLE_PTR userToken,
[in] ITSGAuthorizeConnectionSink *pSink
);
Parameters
[in] mainSessionId
A unique identifier assigned to the connection request by RD Gateway.
[in] username
The user name.
[in] authType
A value of the AAAuthSchemes enumeration type that specifies the type of authentication used to connect to RD Gateway.
[in] clientMachineIP
The IP address of the user's computer.
[in] clientMachineName
The name of the user's computer.
[in] sohData
A pointer to a BYTE that contains the statement of health (SoH) provided by the user's computer. If the authorization plug-in does not require a statement of health, this parameter is NULL. For more information, see the IsQuarantineEnabled method.
[in] numSOHBytes
The number of bytes referenced by the sohData parameter.
[in] cookieData
A pointer to a BYTE that contains the cookie provided by the user. If the authType parameter is not set to AA_AUTH_COOKIE, this parameter is NULL.
[in] numCookieBytes
The number of bytes referenced by the cookieData parameter.
[in] userToken
A pointer to a HANDLE that specifies the user token of the user. If the user is not running Windows, this parameter is NULL.
[in] pSink
A pointer to an ITSGAuthorizeConnectionSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.
Return value
If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
Remarks
If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeConnectionSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.
If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.
For a sample that uses the AuthorizeConnection method, see the Remote Desktop Gateway Pluggable Authentication and Authorization sample.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 |
| Minimum supported server | Windows Server 2008 R2 |
| Target Platform | Windows |
| Header | tsgpolicyengine.h |