Authorization and Entitlement solution on .Net like earlier in AzMan

Submitted by 元气小坏坏 on 2019-12-21 02:58:13

Question


What is the best way to achieve application authorization and entitlement in .Net? Earlier, AzMan used to be the standard way. With the advent of the provider model, at least roles are taken care of, but I am not sure about the authorization & entitlement. I am looking at the ability to define and access operation level permissions for roles / users. What is the most suitable way to achieve the above?


Answer 1:


According to this blog post the ClaimsAuthorizationManager API is 'next generation of AzMan'. It's just an API however, and doesn't come with a default implementation or an admin GUI, so it's not yet really a direct replacement.
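
Because the API ships without a default implementation, the operation-level check has to be written by the application. The following is an added example, not code from the answer or from Microsoft: it assumes .NET Framework 4.5 or later with a reference to System.IdentityModel, and the class name, operation names and role names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical AzMan-style policy: operation name -> roles allowed to perform it.
public sealed class RoleOperationAuthorizationManager : ClaimsAuthorizationManager
{
    private static readonly Dictionary<string, string[]> Policy =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "Invoice.Read",    new[] { "Clerk", "Manager" } },
            { "Invoice.Approve", new[] { "Manager" } },
        };

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny by default: unauthenticated callers never pass.
        var user = context.Principal;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        foreach (Claim action in context.Action)
        {
            string[] allowedRoles;
            // An operation missing from the policy is denied, not allowed.
            if (!Policy.TryGetValue(action.Value, out allowedRoles))
                return false;
            if (!allowedRoles.Any(user.IsInRole))
                return false;
        }
        // A request that names no operation at all is also denied.
        return context.Action.Count > 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed identity; a non-empty authentication type marks it authenticated.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice"), new Claim(ClaimTypes.Role, "Clerk") },
            "Constructed");
        var principal = new ClaimsPrincipal(identity);
        var manager = new RoleOperationAuthorizationManager();

        foreach (var op in new[] { "Invoice.Read", "Invoice.Approve", "Invoice.Delete" })
            Console.WriteLine("{0}: {1}", op,
                manager.CheckAccess(new AuthorizationContext(principal, "Invoice", op)) ? "allowed" : "denied");
    }
}
```

In a real deployment the policy table would be loaded from a managed store rather than hard-coded, which is the part AzMan's store and admin GUI used to provide.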




Answer 2:


The WIF/Geneva stuff still doesn't seem as "mature" as AzMan. We have been using AzMan for about 3 years now, and our implementation has evolved from a straight link into the azman.dll through to a WCF-based service which serves up roles and operations. The WCF service services WinForms, WPF clients and I'm now in the process of getting it to work with Silverlight. I don't see us switching from AzMan any time soon, at least not until a front end is produced to set up the WIF roles, operations etc. like that provided for free in azman...

As for the details, well, we have our azman store in Active Directory and a .net dll built that provides a .net wrapper around the ugly COM azroles.dll. On top of this we have a WCF service that basically just passes the requests for roles and operations straight thru to the .net azman dll. Roles and operations etc. are returned as string arrays for the client to handle. There are two ways of doing authentication by the service: either through 1) anonymous authentication, or 2) windows authentication (pass-thru). This means that if you supply a username and password then anonymous authentication is used, which first uses these strings to authenticate you. If pass-thru/Windows Authentication is used then the WCF service already knows that you are an authenticated windows user... There could be an argument for splitting the anon and windows authentication into two separate services...

Generally the winforms and WPF clients use the windows authentication to pass through and get the available roles, whilst the Silverlight clients use anonymous authentication...



Source: https://stackoverflow.com/questions/2366073/authorization-and-entitlement-solution-on-net-like-earlier-in-azman
