IFWXSession Interface

The IFWXSession interface is implemented by the Microsoft Firewall service on the session object. The IFWXSession interface is used to attach a data filter to a session and to monitor the session's events.

The session object implements session-specific functions that impersonate the user account, test access control lists (ACLs) against the session user, retrieve information about the client computer, and perform protocol operations.

For more information about how the IFWXSession interface is used in application filters, see Filter Object Model.


interface IFWXSession : IUnknown


The IFWXSession interface inherits the methods of the IUnknown interface.

In addition, IFWXSession defines the following methods.

Method Description


Retrieves the address of the user.


Retrieves the name of the client computer, if it is available. The Firewall client passes the computer name in the request. The name is not available for SecureNAT clients.


Retrieves an IFWXAuthenticatedUser interface that represents the authenticated user for the session.


Checks the permission of the session user to access a specified host, by using the access rules.


Allows the session's client to make a secondary outbound connection.


Binds a set of addresses on behalf of the session's client and creates the required instances of the IFWXConnection interface in preparation for secondary inbound connections.


Allows a client that did not create a remote bind to receive a primary inbound connection.


Retrieves flags that provide information about the session.


Enables connections by using a local, internal Microsoft Firewall service address.


Causes a filter to be loaded for this session, even if the initial event for this filter has not yet happened. If the filter has already attached a session filter for this session, nothing happens. Otherwise, the filter's IFWXFilter::AttachToSession method is called.


Allows a filter to set a data filter factory for events for which the filter is not registered. This method can be used to reduce the number of events for which a filter registers.


Allows a Firewall client to receive a secondary inbound connection on a socket that was previously bound by the Firewall client, but was not necessarily approved by the Microsoft Firewall service.


Creates a TCP/IP socket that is associated with this session.


Retrieves host information corresponding to a host name. This method is similar to the Winsock gethostbyname function.


Retrieves host information corresponding to an address.


Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).

Declared in Wspfwext.idl.

See Also

Filter Interfaces

Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.