Re: AzMan Still the way to go?



Certainly. I was just trying to answer the question a little differently
by pointing out the way AzMan is intended to be used and what the point of
the policy stuff is. I think your points are good and well taken.

I'd actually like to understand the membership provider stuff a bit better
as well, especially the AD version. I wrote a book about DS programming,
but we purposefully skipped that and I never had a chance to get into it, so
I see a lot of the problems that people have with it and I still don't know
the answers. The fact that ADAM should work as a user store doesn't mean
that it is particularly easy to do.

I see similar struggles with AzMan, such as the errors you mentioned in your
other post, and don't usually know what the problem there is either
(although it is almost always an issue with security context).

Whether or not I'll actually get around to any of this is hard to say. I'm
spending most of my time these days with ADFS or general .NET development
stuff. :)

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"MikeS" <michael.spencer@xxxxxxxxx> wrote in message
news:1156468886.771006.155300@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Yes sir, no disrespect of AzMan intended. Thank you for the bigger
picture, I appreciate it. I see the capability of AzMan.

As I implied and as you stated, it may be overkill for things like...
IsUserInRole("joe", "god")
and...
IsUserInRole("mike", "codemonkey").

I have to look at my Boston 2006 DVDs and catch up on the WWF
(!wrestling) sessions I missed but I have to assume AzMan figures in
there.

but lots of other people need to store their users in SQL and/or ADAM

I have never been able to get ADAM to work with AzMan using the ASP.NET
auth store role provider and the AD membership provider. I know there
is some anecdotal evidence of this being possible, but it eludes me. I
think I finally decided I needed the auth store provider source code
since I figured it wasn't creating the context properly, or something;
it's been a while.


