ITSGPolicyEngine::AuthorizeResource method

Determines which resources the specified connection is authorized to connect to.

Remote Desktop Gateway (RD Gateway) calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.

Syntax

HRESULT AuthorizeResource(
  GUID                      mainSessionId,
  int                       subSessionId,
  BSTR                      username,
  BSTR                      *resourceNames,
  ULONG                     numResources,
  BSTR                      *alternateResourceNames,
  ULONG                     numAlternateResourceName,
  ULONG                     portNumber,
  BSTR                      operation,
  BYTE                      *cookie,
  ULONG                     numBytesInCookie,
  ITSGAuthorizeResourceSink *pSink
);

Parameters

mainSessionId

A unique identifier assigned to the connection request by RD Gateway.

subSessionId

A unique identifier assigned to the subsession by RD Gateway. A subsession is a session launched from another session.

username

The user name.

resourceNames

A list of resources to authorize.

numResources

The number of resources referenced by the resourceNames parameter.

alternateResourceNames

A pointer to a BSTR that contains a list of alternate resource names. This parameter is only valid when RD Connection Broker is in use.

numAlternateResourceName

The number of alternate resource names referenced by the alternateResourceNames parameter.

portNumber

The port number specified by the user.

operation

The operation that the user is attempting on the resource. This parameter is always set to "RDP".

cookie

A pointer to a BYTE that contains the cookie provided by the user. If the user did not authenticate by using a cookie, this parameter is NULL.

numBytesInCookie

The number of bytes referenced by the cookie parameter.

pSink

A pointer to an ITSGAuthorizeResourceSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.

Return Value

If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Remarks

If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeResourceSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.

If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.

Examples

For an example that uses the AuthorizeResource method, see Remote Desktop Gateway Pluggable Authentication and Authorization Sample.

Requirements

   
Windows version Windows 7 Windows Server 2008 R2
Target Platform Windows
Header tsgpolicyengine.h

See Also

ITSGPolicyEngine