tags:

views:

219

answers:

2
+3  Q: 

Authorization and Entitlement solution on .Net like earlier in AzMan

Hello. What is the best way to achieve application authorization and entitlement in .Net. Earlier AzMan use to be the standard way. With the advent of provider model, at least roles are taken care of but I am not sure about the authorization & entitlement. I am looking at the ability to define and access operation level permissions for roles / users. What is the most suitable way to achieve the above?

+2  A: 

According to this blog post the ClaimsAuthorizationManager API is 'next generation of AzMan'. It's just an API however, and doesn't come with a default implementation or an admin GUI, so it's not yet really a direct replacement.

Andrew Strong  2010-03-03 09:52:49
+1  A: 

The WIF/ Geneva stuff still doesn't seem as "mature" as AzMan. We have been using AzMan for about 3 years now, and our implementation has evolved from a straight link into the azman.dll through to a WCF based service which serves up roles and operations. The WCF service services WinForms, WPF clients and I'm now in the process of getting it to work with Silverlight. I don't see us switching from AzMan an time soon, at least not until a front end is produced to set up the WIF roles, operations etc like that provided for free in azman....

As for the details, well we have our azman store in Active Directory and a .net dll built that provides a .net wrapper around the ugly COM azroles.dll. On top of this we have a WCF service that basically just passes the requests for roles and operations straight thru to the .net azman dll. Roles and operations etc are returned as string arrays for the client to handle. There are two ways of doing authentication by the service. Either through 1) anonymous authentication, or 2) windows authentication (pass-thru). This means that if you supply a username and password then anonymous authentication is used which first uses these strings to Authenticate you. If pass-thru/Windows Authentication is used then the WCF service already knows that you are an authenticated windows user... There could be an argument for splitting the anon and windows authentication into two seperate services...

Generally the winforms and WPF clients use the windows authentication to pass through and get the available roles, whilst the Silverlight clients use anonymous authentication...

Calanus  2010-07-08 10:13:33
Great Calanus! It'll be nice if you could share some more details of your approach.
Kabeer  2010-07-08 18:00:13
Based on your description, it sounds like you are just using AzMan as the role and operation store. Do you use the AccessCheck() method at all?
Jeremy Wiebe  2010-09-21 19:09:56

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?