WSMAN_PLUGIN_AUTHORIZE_USER callback function (wsman.h)

Authorizes a connection. The plug-in should verify that this user is allowed to perform any operations. If the user is allowed to perform operations, the plug-in must report a success. If the user is not allowed to carry out any type of operation, a failure must be returned.

Every new connection does not need to be authorized. After a user has been authorized to connect, a user record is created to track the activities of the user. While that record exists, all new connections will automatically be authorized. The user record will time-out after a configurable amount of time after no activity is detected.

The DLL entry point name for this method must be WSManPluginAuthzUser.



void WsmanPluginAuthorizeUser(
  [in] PVOID pluginContext,
  [in] WSMAN_SENDER_DETAILS *senderDetails,
  [in] DWORD flags


[in] pluginContext

Specifies the context that was returned by a call to WSManPluginStartup. This parameter represents a specific application initialization of a WinRM plug-in.

[in] senderDetails

A pointer to the WSMAN_SENDER_DETAILS structure that specifies the identification information of the user to be authorized.

[in] flags

Reserved for future use. Must be set to zero.

Return value



The plug-in must call WSManPluginAuthzUserComplete to report either that the user was successfully authorized with NO_ERROR or that the user was not authorized with ERROR_ACCESS_DENIED. An ERROR_WSMAN_REDIRECT_REQUIRED error should be reported if an HTTP redirect is required for this user, and the new HTTP URI should be recorded in extendedErrorInformation of the WSManPluginAuthzUserComplete method. All other errors report a failure to the client, but no specific information is reported.


Minimum supported client Windows 7
Minimum supported server Windows Server 2008 R2
Target Platform Windows
Header wsman.h
Redistributable Windows Management Framework on Windows Server 2008 with SP2, Windows Vista with SP1, and Windows Vista with SP2