WSManPluginAuthzUserComplete function (wsman.h)

Called from the WSManPluginAuthzUser plug-in entry point and reports either a successful or failed user connection authorization.


DWORD WSManPluginAuthzUserComplete(
  [in]           WSMAN_SENDER_DETAILS *senderDetails,
  [in]           DWORD                flags,
  [in, optional] PVOID                userAuthorizationContext,
  [in, optional] HANDLE               impersonationToken,
  [in]           BOOL                 userIsAdministrator,
  [in]           DWORD                errorCode,
  [in, optional] PCWSTR               extendedErrorInformation


[in] senderDetails

A pointer to the WSMAN_SENDER_DETAILS structure that was passed into the WSManPluginAuthzUser plug-in call.

[in] flags

Reserved for future use. Must be set to zero.

[in, optional] userAuthorizationContext

Specifies a plug-in defined context that is used to help track user context information. This context can be returned to multiple calls, to this call, or to an operation call. The plug-in manages reference counting for all calls. If the user record times out or re-authorization is required, the WinRM infrastructure calls WSManPluginAuthzReleaseContext.

[in, optional] impersonationToken

Specifies the identity of the user. This parameter is the clientToken that was passed into senderDetails. If the plug-in changes the user context, a new impersonation token should be returned.

Note  This token is released after the operation has been completed.

[in] userIsAdministrator

Set to TRUE if the user is an administrator. Otherwise, this parameter is FALSE.

[in] errorCode

Reports either a successful or failed authorization. If the authorization is successful, the code should be ERROR_SUCCESS. If the user is not authorized to perform the operation, the error should be ERROR_ACCESS_DENIED. If a failure happens for any other reason, an appropriate error code should be used. Any error from this call will be sent back as a SOAP fault packet.

[in, optional] extendedErrorInformation

Specifies an XML document that contains any extra error information that needs to be reported to the client. This parameter is ignored if errorCode is NO_ERROR. The user interface language of the thread should be used for localization.

Return value

The method returns ERROR_SUCCESS if it succeeded; otherwise, it returns ERROR_INVALID_PARAMETER. If ERROR_INVALID_PARAMETER is returned, either the senderDetails parameter was NULL or the flags parameter was not zero.


If the impersonation token passed into senderDetails is not the identity with which the operation should be performed, or if no impersonation token is available and the plug-in specifies a new identity to carry out the request, the plug-in should return the new impersonationToken that the WSMan infrastructure will use to impersonate the client before calling into the operation plug-in. If an impersonation token is provided in the senderDetails and the plug-in wants to carry out the operation under that identity, the plug-in should copy the impersonation token from the senderDetails into the impersonationToken parameter. If the plug-in wants to carry out the request under the context of the Internet Information Services (IIS) host process, the impersonationToken should be NULL. If the impersonationToken is NULL, the thread will impersonate the process token before calling into the operation plug-in.

If the userIsAdministrator parameter is set to TRUE, the user is allowed to view and delete shells owned by different users.


Minimum supported client Windows 7
Minimum supported server Windows Server 2008 R2
Target Platform Windows
Header wsman.h
Library WsmSvc.lib
DLL WsmSvc.dll
Redistributable Windows Management Framework on Windows Server 2008 with SP2 and Windows Vista with SP2