Hi Greg,
I used AzMan a while ago for an MVC application running through an intranet (not publicly accessible), and used an XML file to store the roles and groups (just because it was easy to set up, but still seems to work well in practice). I didn’t have to do anything too low-level to get this working.

I can’t provide the full code to everyone on the list, but it involved adding a System.Web.Security.AuthorizationStoreRoleProvider item to the <roleManager>/<providers> section of the web.config, adding a connection string that points to the XML file, then adding the allowed roles into the <authorization> section. I could then use standard security attributes on Controllers and views via the [Authorize] attribute.

I think you originally mentioned you were looking to do this for a desktop application rather than web, but I wondered if the ‘Enable Client Application Services’ section of the project properties might allow this here as well (never played around with this though, so can’t offer any further advice here). Might be something I will have a tinker with in my spare time…

Otherwise, let me know off-list if you need more specific details and I may be able to assist.

Cheers,
Mark.

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Keogh
Sent: Tuesday, 16 December 2014 6:37 PM
To: ozDotNet
Subject: Re: AzMan viability

Hi Greg, did you manage to solve this issue? The following page seems to indicate it can still be done via the Enterprise Library
http://stackoverflow.com/questions/14229771/azman-obsolete-what-is-the-new-alternative-to-azman

I have officially given up on using AzMan. I thought it would be as easy as making the rules (which is really easy in the msc plugin), then referencing a library and making a few calls. I was going well until I couldn't find the library and the public methods didn't match any of the sample code, not even code in MSDN magazine articles or Keith Brown's book <http://www.amazon.com/NET-Developers-Guide-Windows-Security/dp/0321228359>.

If EntLib has a wrapper around azman.dll then that's too bad, as I'm not going back to using that bloated mess. I had to use EntLib years ago due to a dependency from netTiers, and it just cluttered things up (a poor decision by the template authors I think).

For years I thought that Azman was just a database combined with an API, the sort of thing any of us could write, but I suspect now that it was a wrapper over the non-trivial AuthZ API <http://msdn.microsoft.com/en-us/library/windows/desktop/ff394773(v=vs.85).aspx> which exposes the kernel-mode SRM (Security Reference Monitor) model in user-mode.

Years ago I asked in here if there was a way of using ACLs to protect arbitrary application defined objects (as we did on IBM mainframes with RACF). I think the answer was "no" or "it's really hard" as you'd have to manage and serialize the ACLs yourself, so the Windows security model is not easily extensible for use in applications. I further suspect now that Azman was designed to bridge this gap, but advertising for it was misleading or sparse and it never became popular in communities like this.

If anyone has insider knowledge and can confirm or deny what I've said, then I'm all ears!

Greg K
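
The web.config wiring described in the first message of this thread, as an added example that is not Mark's code or part of the original thread. The store path, connection string name, provider name, application name, role name and the use of Windows authentication are all assumptions.

```xml
<!-- web.config fragment (added example; names and paths are assumptions) -->
<configuration>
  <connectionStrings>
    <!-- msxml:// selects an XML-file AzMan store. Keeping the file under
         App_Data means ASP.NET will not serve it to browsers. -->
    <add name="AzManStore"
         connectionString="msxml://~/App_Data/AzManStore.xml" />
  </connectionStrings>
  <system.web>
    <!-- Assumption: intranet site, so users arrive with Windows identities -->
    <authentication mode="Windows" />
    <roleManager enabled="true" defaultProvider="AzManRoles">
      <providers>
        <clear />
        <!-- applicationName must match the application defined in the store -->
        <add name="AzManRoles"
             type="System.Web.Security.AuthorizationStoreRoleProvider"
             connectionStringName="AzManStore"
             applicationName="IntranetApp" />
      </providers>
    </roleManager>
    <authorization>
      <!-- Rules are evaluated top down; the first match wins, so the
           final deny closes the site to everyone not in an allowed role. -->
      <allow roles="OrderApprover" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

With this in place, [Authorize(Roles = "OrderApprover")] on a controller or action is answered from the AzMan store. The application pool identity needs read access to the XML file and nothing more.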