Re: Question about Authorization Manager



"John" <ask@xxxxxx> wrote in message
news:uIPq%23ZANGHA.3888@xxxxxxxxxxxxxxxxxxxxxxx
John wrote:
Secondly to this.. why is it that a task that has only a lower level task
as its definition considered invalid? (throws an exception) It seems to
me that the operations as defined are supposed to be low level
operations, I should be capable of creating a single task from the
definition of two or more tasks that have their own operations. Yet this
as well throws an exception.

If you were working more closely against the AzMan API (as opposed to via a
wrapper like the security app block), you would realize that there is only
one way of querying a user's rights to perform an action, and that is at the
_operation_ level (via the IAzClientContext:AccessCheck method). Tasks and
roles are essentially just convenience "buckets" meant to help when
assigning permissions to users. However, an application should be
interested only in operations. Since you have only one operation, at the
underlying AzMan level, it's the only securable for which your application
can request access permissions.


Ok.. sorry to keep replying to myself.. but I discovered why the above is
happening. This doesn't explain my original question because that behavior
I believe is within AzMan itself.

I located the code that is generating an error based on a Task that is
only comprised of lower level tasks. It is within Security Application
Block file AzManAuthorizationProvider.cs line 166-169

    if (operations.Count == 0)
    {
        throw new ConfigurationException(SR.NoOperations);
    }

This seems rather unlikely to be causing your problem, which is presumably
occurring because an access check that you believe should fail is actually
passing. This wouldn't be happening if an exception were thrown from the
access check method. Instead of trying to troubleshoot this blindly, could
you perhaps post the code you are using to attempt your access check?
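
An added example, not code from this thread, from AzMan or from the Security Application Block: a simplified in-memory model of the point made in the reply above, that tasks and roles are only grouping containers and the access check itself is answered per operation. The AzTask class, the AccessCheck helper and the operation IDs are hypothetical names and constructed values used for illustration.

```csharp
using System;
using System.Collections.Generic;

// Simplified model (assumption): not the AzMan COM API or the application block.
class AzTask
{
    public readonly List<int> Operations = new List<int>();   // direct operation IDs
    public readonly List<AzTask> Tasks = new List<AzTask>();  // nested lower-level tasks

    // Collect every operation ID reachable through this task and its nested tasks.
    public void Flatten(HashSet<int> granted, HashSet<AzTask> seen)
    {
        if (!seen.Add(this)) return;           // guard against cyclic task definitions
        granted.UnionWith(Operations);
        foreach (AzTask t in Tasks) t.Flatten(granted, seen);
    }
}

static class Demo
{
    // Operation-level check: one allow/deny result per requested operation ID.
    static bool[] AccessCheck(IEnumerable<AzTask> assignedTasks, int[] requestedOps)
    {
        var granted = new HashSet<int>();
        var seen = new HashSet<AzTask>();
        foreach (AzTask t in assignedTasks) t.Flatten(granted, seen);
        var results = new bool[requestedOps.Length];
        for (int i = 0; i < requestedOps.Length; i++)
            results[i] = granted.Contains(requestedOps[i]);
        return results;
    }

    static void Main()
    {
        const int ReadReport = 1, ApproveReport = 2, DeleteReport = 3; // constructed IDs
        var read = new AzTask(); read.Operations.Add(ReadReport);
        var approve = new AzTask(); approve.Operations.Add(ApproveReport);
        var review = new AzTask();             // defined only by lower-level tasks
        review.Tasks.Add(read); review.Tasks.Add(approve);

        // A check on the direct list alone sees zero operations on 'review'.
        Console.WriteLine("Direct operations on review: " + review.Operations.Count);
        int[] wanted = { ReadReport, ApproveReport, DeleteReport };
        bool[] allowed = AccessCheck(new[] { review }, wanted);
        for (int i = 0; i < wanted.Length; i++)
            Console.WriteLine("Operation " + wanted[i] + " allowed: " + allowed[i]);
    }
}
```

In this model the composite task has no operations of its own, yet the operation-level check still grants the two operations reachable through its nested tasks and denies the third.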

