Re: SqlRoleProvider & windows authentication

I think the key benefit with AzMan is the programming model. You are
encouraged to make all of your authorization decisions on the most granular
element, operations, and then roll those up into tasks and roles with then
map to security principals. By programming to operations, you can avoid
overlap in functionality and the admins of the system can change which roles
get which operations without affecting your code. If done carefully, this
can be a huge win from a maintenance perspective since you have at least one
layer of abstraction between the code doing the authorization and the way
the model is presented to the admins.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"SpaceMarine" <spacemarine@xxxxxxxxxxxxxx> wrote in message
news:1d190da4-85d7-471e-a443-6df5c72a8dfa@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jul 5, 4:42 pm, SpaceMarine <spacemar...@xxxxxxxxxxxxxx> wrote:
can anyone confirm whether or not a the SqlRoleProvider can be used
for a web app thats using Windows Authentication?

it can. i implemented this via the SqlRoleProvider, using a SQL Server
2005 instance. it works, but when using Windows Authentication you do
not get to use VS.NET's built-in user manager UI. for more:

http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx

using your own DB:

http://weblogs.asp.net/scottgu/archive/2005/08/25/423703.aspx


....so now I have both the SqlRoleProvider and
AuthorizationStoreRoleProvider (AzMan) working... dont know which is
best, yet. Azman has a slight advantage in that its very compact and
one can use its MMC snap-in UI; plus it has more granular sub-role
support for tasks & operations. but the SqlRoleProvider is nice in
that I can easily add its db instance to our data-recovery plan.

decisions..


sm


.

Relevant Pages

  • Re: Back Doors
    ... If there are ways for nonauthorized programming to breach security, than I for one do not know of them, and they certainly would be APARable. ... It is up to management to decide who needs to be trusted, and it is important for them to make these decisions intelligently. ... That's a consequence of authorization being essentially a two tiered construct. ...
    (bit.listserv.ibm-main)
  • Re: AzMan Still the way to go?
    ... The main idea with AzMan is the concept of programming against operations. ... The main idea behind the XML store is that you need a place to store the ... planning on having the whole site use IIS windows authentication. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ADAM and Authorization and Profile Application Block
    ... Profile Application Block with ADAM). ... What I have see in my little research is also the Authorization ... Manager (azMan) present in Win2003. ... The problem now was for me integrate Authorization and Profile ...
    (microsoft.public.windows.server.active_directory)
  • AzMan Run-Time Enhancement Request
    ... I was just wondering if Microsoft has given any thought to making the AzMan ... run-time XML Serializeable? ... authorization information for a user. ... The web service uses AzMan run-time to retrieve the user's authorization ...
    (microsoft.public.platformsdk.security)
  • Connecting AzMan - AzAuthorizationStore.Initialize()
    ... It works successfully when I run that under the AzMan ... cannot connect to Authorization Manager Policy Store. ... User_B in Reader & Administrator Group in Security Tab. ...
    (microsoft.public.dotnet.languages.csharp)