Geeks With Blogs
Drewby Made from 60% post-consumer recycled fiber.

Authorization Manager provides a set of APIs included with Windows 2003 (available as an add-on to Windows 2000) that give application developers a way to build Role-Based Access Control into applications. When setting up Authorization Manager (AzMan), you can choose to locate your AzMan rules store in an XML file or in Active Directory. Often, you'll use one store (XML) for development and move to a more scalable and flexible store (Active Directory) for production. I ran into two gotchas that may help you when planning your AzMan implementation:

  1. If you choose to locate your AzMan rules store in Active Directory (the better choice for production), your Active Directory domain must be in Windows 2003 Functional Mode. There's a good chance that your IT department has not yet finished the upgrade to Windows 2003 or has simply not set the domain in this mode (even if all domain controllers are Windows 2003). Of course, if you were developing all along with the XML store, you may not discover that until late in the project. Now you know.
  2. When you are using ADAM to store your AzMan rules, you cannot use Domain Local security groups from AD as membership groups for your Roles. You are limited to Domain Global groups. This is an issue if you are dealing with multiple domain forests and need to add users to the security group from other domains (which you can only do with Domain Local groups).

If you've run into either of these issues and know work-arounds, I'd love to hear them. The first one is a documented "feature", but I haven't found documentation on the second.

In the meantime, here's a third hint: If you are developing on Windows XP, you may be disappointed that AzMan is not supported by this platform. However, there is a way! Install the Windows 2003 Administration Tools (from the Windows 2003 CD) on your machine, and you can use AzMan for development on XP.
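
A pre-flight check for the two gotchas in the numbered list above, so they surface before the move from the XML store to production. This is an added example, not code from the original post; it assumes a domain-joined machine, and the group names in `$RoleGroups` are hypothetical placeholders.

```powershell
param(
    # Hypothetical names: replace with the groups you plan to assign to AzMan roles.
    [string[]]$RoleGroups = @('App-Approvers', 'App-Auditors')
)

# Gotcha 1: an AD-hosted AzMan store needs the domain in Windows 2003 functional mode.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$mode   = $domain.DomainMode.ToString()
$tooOld = 'Windows2000MixedDomain', 'Windows2000NativeDomain', 'Windows2003InterimDomain'

[pscustomobject]@{
    Check  = 'Domain functional mode'
    Target = $domain.Name
    Value  = $mode
    Ok     = ($tooOld -notcontains $mode)
}

# Gotcha 2: with an ADAM-hosted store, only Domain Global groups work as role members.
# groupType is a bit mask: 0x2 = global, 0x4 = domain local, 0x8 = universal.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
[void]$searcher.PropertiesToLoad.Add('groupType')

foreach ($name in $RoleGroups) {
    # $name is operator-supplied; do not feed untrusted input into this LDAP filter.
    $searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$name))"
    $hit = $searcher.FindOne()

    if (-not $hit) {
        $scope = 'NotFound'
    } else {
        $type  = [int]$hit.Properties['grouptype'][0]
        $scope = if     ($type -band 0x4) { 'DomainLocal' }
                 elseif ($type -band 0x8) { 'Universal' }
                 elseif ($type -band 0x2) { 'Global' }
                 else                     { 'Unknown' }
    }

    [pscustomobject]@{
        Check  = 'Role group scope'
        Target = $name
        Value  = $scope
        Ok     = ($scope -eq 'Global')
    }
}
```

Any row with `Ok` set to `False` is something to resolve with your IT department before planning on that store.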

Posted on Tuesday, September 14, 2004 12:05 AM

Copyright © Drew Robbins