ITSGPolicyEngine::AuthorizeConnection method (tsgpolicyengine.h)

Determines whether the specified connection is authorized to connect to Remote Desktop Gateway (RD Gateway).

RD Gateway calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.

Syntax

HRESULT AuthorizeConnection(
  [in] GUID                        mainSessionId,
  [in] BSTR                        username,
  [in] AAAuthSchemes               authType,
  [in] BSTR                        clientMachineIP,
  [in] BSTR                        clientMachineName,
  [in] BYTE                        *sohData,
  [in] ULONG                       numSOHBytes,
  [in] BYTE                        *cookieData,
  [in] ULONG                       numCookieBytes,
  [in] HANDLE_PTR                  userToken,
  [in] ITSGAuthorizeConnectionSink *pSink
);

Parameters

[in] mainSessionId

A unique identifier assigned to the connection request by RD Gateway.

[in] username

The user name.

[in] authType

A value of the AAAuthSchemes enumeration type that specifies the type of authentication used to connect to RD Gateway.

[in] clientMachineIP

The IP address of the user's computer.

[in] clientMachineName

The name of the user's computer.

[in] sohData

A pointer to a BYTE that contains the statement of health (SoH) provided by the user's computer. If the authorization plug-in does not require a statement of health, this parameter is NULL. For more information, see the IsQuarantineEnabled method.

[in] numSOHBytes

The number of bytes referenced by the sohData parameter.

[in] cookieData

A pointer to a BYTE that contains the cookie provided by the user. If the authType parameter is not set to AA_AUTH_COOKIE, this parameter is NULL.

[in] numCookieBytes

The number of bytes referenced by the cookieData parameter.

[in] userToken

A pointer to a HANDLE that specifies the user token of the user. If the user is not running Windows, this parameter is NULL.

[in] pSink

A pointer to an ITSGAuthorizeConnectionSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.

Return value

If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Remarks

If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeConnectionSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.

If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.

For a sample that uses the AuthorizeConnection method, see the Remote Desktop Gateway Pluggable Authentication and Authorization sample.
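The contract in these remarks (return S_OK only once the request is safely queued, report exactly one result through the sink, deny on any doubt) can be modelled as below. This is an added example, not Microsoft's sample or code from tsgpolicyengine.h. The types are portable stand-ins, the signature is reduced, and `Sink::ReportResult`, `Request`, `g_queue` and `ProcessOne` are hypothetical names. Copying the buffers assumes they are valid only for the duration of the call.

```cpp
#include <cstdint>
#include <deque>
#include <string>
#include <utility>
#include <vector>

using HRESULT = int32_t;  // stand-ins so this builds without the Windows SDK
constexpr HRESULT S_OK = 0;
constexpr HRESULT E_POINTER = (HRESULT)0x80004003u;
constexpr HRESULT E_INVALIDARG = (HRESULT)0x80070057u;
constexpr HRESULT E_ACCESSDENIED = (HRESULT)0x80070005u;
enum AAAuthSchemes { AA_AUTH_NTLM, AA_AUTH_COOKIE };  // numeric values are placeholders

struct Sink {  // hypothetical, reduced stand-in for ITSGAuthorizeConnectionSink
    int refs = 1, calls = 0; HRESULT result = 1;
    void AddRef() { ++refs; }
    void Release() { --refs; }
    void ReportResult(HRESULT hr) { result = hr; ++calls; }
};
struct Request {  // owns copies, so nothing points into caller memory after return
    std::wstring user; AAAuthSchemes auth;
    std::vector<uint8_t> soh, cookie; Sink* sink;
};
std::deque<Request> g_queue;  // a real plug-in guards this with a lock for its worker thread

HRESULT AuthorizeConnection(const wchar_t* username, AAAuthSchemes authType,
        const uint8_t* sohData, uint32_t numSOHBytes,
        const uint8_t* cookieData, uint32_t numCookieBytes, Sink* pSink) {
    if (!pSink || !username) return E_POINTER;
    // A byte count without a buffer is inconsistent input: fail before touching it.
    if ((!sohData && numSOHBytes) || (!cookieData && numCookieBytes)) return E_INVALIDARG;
    // Documented invariant: a cookie is present exactly when authType is AA_AUTH_COOKIE.
    if ((authType == AA_AUTH_COOKIE) != (cookieData && numCookieBytes)) return E_INVALIDARG;
    Request r{username, authType, {}, {}, pSink};
    if (sohData) r.soh.assign(sohData, sohData + numSOHBytes);
    if (cookieData) r.cookie.assign(cookieData, cookieData + numCookieBytes);
    pSink->AddRef();                 // keep the sink alive until the result is reported
    g_queue.push_back(std::move(r));
    return S_OK;                     // the gateway now waits for the sink call
}

// Worker body: one sink call per queued request; a throwing policy check means deny.
bool ProcessOne(bool (*policy)(const Request&)) {
    if (g_queue.empty()) return false;
    Request r = std::move(g_queue.front()); g_queue.pop_front();
    bool ok = false;
    try { ok = policy(r); } catch (...) { ok = false; }
    r.sink->ReportResult(ok ? S_OK : E_ACCESSDENIED);
    r.sink->Release();
    return true;
}
```

Any non-S_OK return leaves the sink untouched, which matches the documented behavior that RD Gateway denies the request immediately in that case.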

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | Windows 7 |
| Minimum supported server | Windows Server 2008 R2 |
| Target Platform | Windows |
| Header | tsgpolicyengine.h |

See also

ITSGAuthorizeConnectionSink

ITSGPolicyEngine

IsQuarantineEnabled