locked
Generate Handle for user token without user password. RRS feed

  • Question

  • I am trying to utilize the Remote Desktop Gateway Pluggable Authentication and Authorization services and am running into an issue with further expansion of my plugin.  As of right now I can Authenticate and Authorize a user using the custom authentication and custom authorization plugins but I would like to utilize native authorization instead. I believe the way to do this would be by passing the correct user handle to the Gateway server via the OnUserAuthenticated method featured below instead of passing a NULL.

    STDMETHODIMP CRDGTestAuthenticationEngineImpl::AuthenticateUser(
        __in GUID mainSessionId,
        __in LPBYTE cookieData,
        __in ULONG numCookieBytes,
        __in ULONG_PTR context,
        __in ITSGAuthenticateUserSink *pSink
        ) {
    
        ...
        // do authentication stuff...
        ...
    
        if (validUser) {
            pSink->OnUserAuthenticated(m_userName,
                                       m_userDomain,
                                       m_context,
                                       NULL);
        }

    In the custom authorization plugin the values passed via Authenticate's OnUserAuthenticated are then taken and validated against the given XML file.

    My question is how can I generate that user token handle pointer without having the user's password? I know LogonUser is capable of getting this token but I do not have access to the user's password, I need to be able to grab this user via AD query. Any insight on this issue is greatly appreciated.

    Tuesday, August 5, 2014 3:51 PM

All replies

  • Hi,

    I help you move this thread to General Windows Desktop Development issues forum for a better support.

    May


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, August 6, 2014 1:59 AM
  • I'm not sure whether you can accomplish this, but you can see this sample for ideas: http://code.msdn.microsoft.com/Remote-Desktop-Gateway-517d6273

    Best Regards,
    Please remember to mark the replies as answers if they help

    Thursday, August 7, 2014 6:32 AM