Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
AuthorizeConnection method
Collapse the table of content
Expand the table of content

ITSGPolicyEngine::AuthorizeConnection method

Determines whether the specified connection is authorized to connect to Remote Desktop Gateway (RD Gateway).

RD Gateway calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.


HRESULT AuthorizeConnection(
  [in] GUID                        mainSessionId,
  [in] BSTR                        username,
  [in] AAAuthSchemes               authType,
  [in] BSTR                        clientMachineIP,
  [in] BSTR                        clientMachineName,
  [in] BYTE                        *sohData,
  [in] ULONG                       numSOHBytes,
  [in] BYTE                        *cookieData,
  [in] ULONG                       numCookieBytes,
  [in] HANDLE_PTR                  userToken,
  [in] ITSGAuthorizeConnectionSink *pSink


mainSessionId [in]

A unique identifier assigned to the connection request by RD Gateway.

username [in]

The user name.

authType [in]

A value of the AAAuthSchemes enumeration type that specifies the type of authentication used to connect to RD Gateway.

clientMachineIP [in]

The IP address of the user's computer.

clientMachineName [in]

The name of the user's computer.

sohData [in]

A pointer to a BYTE that contains the statement of health (SoH) provided by the user's computer. If the authorization plug-in does not require a statement of health, this parameter is NULL. For more information, see the IsQuarantineEnabled method.

numSOHBytes [in]

The number of bytes referenced by the sohData parameter.

cookieData [in]

A pointer to a BYTE that contains the cookie provided by the user. If the authType parameter is not set to AA_AUTH_COOKIE, this parameter is NULL.

numCookieBytes [in]

The number of bytes referenced by the cookieData parameter.

userToken [in]

A pointer to a HANDLE that specifies the user token of the user. If the user is not running Windows, this parameter is NULL.

pSink [in]

A pointer to an ITSGAuthorizeConnectionSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.

Return value

If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.


If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeConnectionSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.

If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.


For an example that uses the AuthorizeConnection method, see Remote Desktop Gateway Pluggable Authentication and Authorization Sample.


Minimum supported client

Windows 7

Minimum supported server

Windows Server 2008 R2





See also




© 2015 Microsoft