WFP REMOTE_USER_ID field is always FWP_EMPTY

Question

Hello.

We have developed a Windows Filtering Platform callout driver. We are trying to obtain de Remote User ID for an incoming connection, considering both TCP and UDP connections.

Three layers have been identified that provide the REMOTE_USER_ID fields:

• ALE_AUTH_RECV_ACCEPT (FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_RECV_ACCEPT_V6_ALE_REMOTE_USER_ID)
• ALE_AUTH_CONNECT (FWPS_FIELD_ALE_AUTH_CONNECT_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_AUTH_CONNECT_V6_ALE_REMOTE_USER_ID)
• ALE_FLOW_ESTABLISHED (FWPS_FIELD_ALE_FLOW_ESTABLISHED_V4_ALE_REMOTE_USER_ID, FWPS_FIELD_ALE_FLOW_ESTABLISHED_V6_ALE_REMOTE_USER_ID)

However, the REMOTE_USER_ID related FWPS_INCOMING_VALUE0_ field is always FWP_EMPTY for the given layers.

1. Is this an expected behaviour?
2. How can we obtain the REMOTE_USER_ID?

Thanks a lot in advance!

Answer 1

Hi ,

Driver Development is currently not supported in the Q&A forums, the supported products are listed over here: https://learn.microsoft.com/en-us/answers/products/ (more to be added later on).

For the related questions about Driver Development you can ask in here:

https://social.msdn.microsoft.com/Forums/windowshardware/en-US/home?forum=wdk

--------------------------------------------------------------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hello.

Thanks for the clarification @Candy Luo . I will move the request then.

Regards,

Rodrigo