Share via


IFWXSession::HostAccessCheck method

Applies to: desktop apps only

The HostAccessCheck method checks the permission of the session user to access a specified host, by using the access rules.

Syntax

HRESULT HostAccessCheck(
  [in]            REFGUID FilterGuid,
  [in]            REFGUID ProtocolGuid,
  [in]            LPHOSTENT Hostent,
  [in]            USHORT SrcPort,
  [in]            LPCSTR pszPath,
  [in]            LPCSTR pszMime,
  [in, optional]  DWORD dwFlags,
  [in]            IUnknown **ProcessedRulesData
);

Parameters

  • FilterGuid [in]
    Reference to the GUID identifying the filter that the connection is part of.

  • ProtocolGuid [in]
    Reference to the GUID that identifies the protocol.

  • Hostent [in]
    Pointer to a hostent structure that specifies the host.

  • SrcPort [in]
    The source port number.

  • pszPath [in]
    Pointer to a null-terminated string containing the path to be checked. This parameter may be NULL if the path is unknown or irrelevant.

  • pszMime [in]
    Pointer to a null-terminated string containing the MIME data type (such as "text/html") to be checked. This parameter can be NULL if the MIME type is unknown or irrelevant.

  • dwFlags [in, optional]
    HostAccessCheck flags. This parameter can be a bitwise combination of the following values, or 0 if none of the options apply:

    Value Meaning
    FWX_FLAG_USE_MIME

    The pszMime parameter is currently NULL, but may be known later. If this flag is specified, and the pszMime parameter is NULL and the MIME type is required for processing of the rules, FWX_E_MIME_NEEDED will be returned.

    FWX_FLAG_USE_EXTENTION

    Use the extension of the pszPath parameters for content filtering.

    FWX_FLAG_CHECK_PUBLISHING

    Use this parameter to include publishing rules in the permission decision. If this parameter is not set, publishing rules will not be taken into consideration. This flag is typically used with FWX_FLAG_BYPASS_ALLOW_ACCESS. When these parameters are used together, only deny rules and publishing rules will be checked.

    FWX_FLAG_BYPASS_ALLOW_ACCESS

    Use this parameter to instruct the Microsoft Firewall service not to check allow rules. This flag is typically used with FWX_FLAG_CHECK_PUBLISHING. When these parameters are used together, only deny rules and publishing rules will be checked.

     

  • ProcessedRulesData [in]
    Data regarding the per-rule configuration of the filter. This data is processed by the Firewall service when it starts, or when you change the rules.

Return value

This method can return one of these values.

  • S_OK
    The user is allowed to access the host.

  • S_FALSE
    The user is denied access to the host.

  • E_INVALIDARG
    More than one host name or IP address was specified in the Hostent parameter.

  • FWX_E_MIME_NEEDED
    The FWX_FLAG_USE_MIME flag was specified, but the pszMime parameter was NULL. The MIME type is required to complete the processing of the rules.

  • Error code
    The method failed.

Remarks

The hostent structure may contain a host name or an IP address, or both a host name and an IP address, but it may not contain more than one host name or IP address. Access is checked based on the information available in the hostent structure.

Requirements

Minimum supported client

None supported

Minimum supported server

Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)

Version

Forefront Threat Management Gateway (TMG) 2010

Header

Wspfwext.idl

DLL

Wspsrv.exe

See also

IFWXSession

IFWXFirewall::CreatePrivateSession

 

 

Build date: 7/12/2010