ITSGPolicyEngine::AuthorizeResource method (tsgpolicyengine.h)
Determines which resources the specified connection is authorized to connect to.
Remote Desktop Gateway (RD Gateway) calls this method after a user has been successfully authenticated. The authorization plug-in should then use the ITSGAuthorizeConnectionSink interface to notify RD Gateway about the result of authorization.
Syntax
HRESULT AuthorizeResource(
[in] GUID mainSessionId,
[in] int subSessionId,
[in] BSTR username,
[in] BSTR *resourceNames,
[in] ULONG numResources,
[in] BSTR *alternateResourceNames,
[in] ULONG numAlternateResourceName,
[in] ULONG portNumber,
[in] BSTR operation,
[in] BYTE *cookie,
[in] ULONG numBytesInCookie,
[in] ITSGAuthorizeResourceSink *pSink
);
Parameters
[in] mainSessionId
A unique identifier assigned to the connection request by RD Gateway.
[in] subSessionId
A unique identifier assigned to the subsession by RD Gateway. A subsession is a session launched from another session.
[in] username
The user name.
[in] resourceNames
A list of resources to authorize.
[in] numResources
The number of resources referenced by the resourceNames parameter.
[in] alternateResourceNames
A pointer to a BSTR that contains a list of alternate resource names. This parameter is only valid when RD Connection Broker is in use.
[in] numAlternateResourceName
The number of alternate resource names referenced by the alternateResourceNames parameter.
[in] portNumber
The port number specified by the user.
[in] operation
The operation that the user is attempting on the resource. This parameter is always set to "RDP".
[in] cookie
A pointer to a BYTE that contains the cookie provided by the user. If the user did not authenticate by using a cookie, this parameter is NULL.
[in] numBytesInCookie
The number of bytes referenced by the cookie parameter.
[in] pSink
A pointer to an ITSGAuthorizeResourceSink interface that the authorization plug-in must use to notify RD Gateway about the result of authorization.
Return value
If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
Remarks
If this method returns S_OK, RD Gateway waits for the authorization plug-in to call a method of the ITSGAuthorizeResourceSink interface. If any other value is returned, RD Gateway immediately denies the authorization request.
If authorization requires more than 1 second, we recommend starting a separate thread to perform authorization.
For a sample that uses the AuthorizeResource method, see the Remote Desktop Gateway Pluggable Authentication and Authorization sample.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 |
| Minimum supported server | Windows Server 2008 R2 |
| Target Platform | Windows |
| Header | tsgpolicyengine.h |