Re: Question about Authorization Manager

Nicole Calinoiu wrote:
"John Parrish" <ask@xxxxxx> wrote in message news:%23luPc0aNGHA.2884@xxxxxxxxxxxxxxxxxxxxxxx
Even with access checks being done only at the operation level, if I check access on a task which is comprised only of 2 tasks,

At the AzMan level, checking access on a task is simply not possible. It is only possible to check access to one or more operations.


I realize that tasks are simply "buckets" for operations but as noted in that article the buckets may contain additional buckets. My original post had to do with a task comprised of 2 operations (1 of which was included as a nested task). Taking the union of all operations in a task, and checking access on each of the operations, if any one of these operation access checks should fail, the entire request should fail. This was the behavior I was not seeing, it was allowing access on 1 operation succeeding.

each of which have operations, the security access application block WILL throw an exception.. that is related to the code I had posted.

Could you please post the code that you are using to make this access check? Also, could you please specify which release of the Enterprise Library you are using?

I am using the January 2005 release of the EAB. The code is fairly simple so I'm not sure you will get much value out of it, but in a nutshell here you go:

// get the identity of the current threads user
this.mUserPrincipal = new GenericPrincipal(WindowsIdentity.GetCurrent(),null);
this.mSecurityProvider = AuthorizationFactory.GetAuthorizationProvider("MySecProvider");

//check access
bool result = mSecurityProvider.Authorize(mUserPrincipal,"Print Check");

If you would like me to be completely thorough I could post an LDIF of the authorization store along with a full project demonstrating where I see an issue, but that would seem to require alot of work on the part of anyone assisting me. I am looking mostly for information regarding AzMan. I now have the API reference so I may just refer to it.

Or you could just fix the security block implementation if it has a problem...

I plan to do that if it is appropriate, I have posted over on the workspace for the block but so far have not received a reply.