How to use AzMan to manage roles with Active Directory
In my recent project I had a requirement to configure user roles in AzMan with Active Directory. AzMan consists of Operations, Tasks and Roles: operations are grouped into Tasks, and Tasks are grouped into Roles. You can explore AzMan with its MMC snap-in (type azman.msc in the Run dialog), which ships with Windows Server 2003, or with the Windows Server 2003 Administration Tools Pack installed on XP Professional.
Sample Active Directory connection string (replace Server IP and Domain Name with your own values):
msldap://Server IP/CN=AzManStore,DC=Domain Name
Initializing the AzMan store (requires a reference to the Microsoft.Interop.Security.AzRoles primary interop assembly):
    Imports System.Configuration
    Imports System.Web.Security
    Imports Microsoft.Interop.Security.AzRoles
    Private _AzManStore As New AzAuthorizationStore()
    Private _azApp As IAzApplication
    ' Flags = 0 (defaults); the policy URL is the msldap:// string stored under ADRoleConnectionString in web.config
    _AzManStore.Initialize(0, ConfigurationManager.ConnectionStrings("ADRoleConnectionString").ConnectionString, Nothing)
    ' Open the AzMan application whose name matches the ASP.NET role manager's application name
    _azApp = _AzManStore.OpenApplication(Roles.ApplicationName)
    _azRoleProvider = New AzManRoleProvider()
Getting the list of operations from AzMan that the given user is allowed to perform:
    Public Function GetOperations(ByVal username As String) As List(Of IAzOperation)
        Dim _Operations As New List(Of IAzOperation)
        ' Walk every operation defined in the application and keep those the user passes an access check for
        For Each azOperation As IAzOperation In _azApp.Operations
            If Me.IsOperationAllowed(azOperation, username) Then
                _Operations.Add(azOperation)
            End If
        Next
        Return _Operations
    End Function
Getting the list of operations that belong to a given task and are allowed for the user:
    Public Function GetOperationsByTask(ByVal username As String, ByVal taskName As String) As List(Of IAzOperation)
        Dim _Operations As New List(Of IAzOperation)
        Dim _azTask As IAzTask
        If Not String.IsNullOrEmpty(taskName) Then
            _azTask = _azApp.OpenTask(taskName)
            ' IAzTask.Operations is a variant array of operation names, not operation objects
            Dim opNames As Array = CType(_azTask.Operations, Array)
            For i As Integer = 0 To opNames.Length - 1
                Dim _TaskOperation As IAzOperation = _azApp.OpenOperation(CStr(opNames.GetValue(i)))
                If Me.IsOperationAllowed(_TaskOperation, username) Then
                    _Operations.Add(_TaskOperation)
                End If
            Next
        End If
        Return _Operations
    End Function
Checking whether an operation is allowed for a user:
    ' AccessCheck returns one status code per requested operation; 0 (NO_ERROR) means the operation is granted
    Private Const NO_ERROR As Integer = 0

    Private Function IsOperationAllowed(ByVal pOperation As IAzOperation, ByVal pUsername As String) As Boolean
        ' Resolve the user through the membership provider; an unknown user is denied rather than throwing
        Dim _User As MembershipUser = Membership.GetUser(pUsername)
        If _User Is Nothing OrElse _User.ProviderUserKey Is Nothing Then
            Return False
        End If
        ' ProviderUserKey is the user's SID when using the Active Directory membership provider;
        ' option 1 (AZ_CLIENT_CONTEXT_SKIP_GROUP) builds the context without evaluating group memberships
        Dim userContext As IAzClientContext = _azApp.InitializeClientContextFromStringSid(_User.ProviderUserKey.ToString(), 1, Nothing)
        ' Check if the user has access to the operation; an empty scope name means the application scope
        Dim operationIds() As Object = {pOperation.OperationID}
        Dim scope() As Object = {String.Empty}
        ' The first argument is only the object name written to the audit log
        Dim result As Array = CType(userContext.AccessCheck("Auditstring", scope, operationIds), Array)
        ' Test the integer array we got back: element 0 is the status for our single operation
        Return CInt(result.GetValue(0)) = NO_ERROR
    End Function
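The two routines above create a fresh client context and call AccessCheck once per operation, so a task with ten operations costs ten round trips to the store. The following class is an added example (not code from the original post) that evaluates all operations of a task for one user in a single AccessCheck call, which is also how the result array is meant to be read: one status code per requested operation ID, in request order. It assumes the same Microsoft.Interop.Security.AzRoles reference and an Active Directory membership provider whose ProviderUserKey is the user's SID; the class name TaskAccessChecker and the audit object name are hypothetical. It passes 0 as the context option so that group memberships are evaluated, rather than the 1 (AZ_CLIENT_CONTEXT_SKIP_GROUP) used above; an unknown user or empty task name yields an empty result, i.e. nothing is granted.

```vbnet
' Added example, not part of the original post. Assumes a reference to the
' Microsoft.Interop.Security.AzRoles PIA and an already opened IAzApplication.
Imports System
Imports System.Collections.Generic
Imports System.Web.Security
Imports Microsoft.Interop.Security.AzRoles

Public Class TaskAccessChecker
    ' Status codes returned per operation by IAzClientContext.AccessCheck
    Private Const NO_ERROR As Integer = 0            ' operation granted
    Private Const ERROR_ACCESS_DENIED As Integer = 5 ' operation denied

    Private ReadOnly _azApp As IAzApplication

    Public Sub New(ByVal azApp As IAzApplication)
        _azApp = azApp
    End Sub

    ' Returns operation name -> allowed for every operation that belongs to taskName,
    ' using one client context and one AccessCheck call for the whole task.
    Public Function CheckTaskOperations(ByVal username As String, ByVal taskName As String) As Dictionary(Of String, Boolean)
        Dim results As New Dictionary(Of String, Boolean)(StringComparer.OrdinalIgnoreCase)
        If String.IsNullOrEmpty(taskName) Then Return results

        ' Deny by default: no membership record or no SID means no grants at all
        Dim user As MembershipUser = Membership.GetUser(username)
        If user Is Nothing OrElse user.ProviderUserKey Is Nothing Then Return results

        ' IAzTask.Operations is a variant array of operation *names*
        Dim task As IAzTask = _azApp.OpenTask(taskName, Nothing)
        Dim opNames As New List(Of String)
        For Each name As Object In CType(task.Operations, Array)
            opNames.Add(CStr(name))
        Next
        If opNames.Count = 0 Then Return results

        ' AccessCheck wants numeric OperationIDs, so resolve each name once
        Dim opIds(opNames.Count - 1) As Object
        For i As Integer = 0 To opNames.Count - 1
            opIds(i) = _azApp.OpenOperation(opNames(i), Nothing).OperationID
        Next

        ' Option 0: build the context with the user's group memberships evaluated
        Dim ctx As IAzClientContext = _azApp.InitializeClientContextFromStringSid(user.ProviderUserKey.ToString(), 0, Nothing)

        ' Empty scope name = application scope; the first argument only labels the audit entry
        Dim scope() As Object = {String.Empty}
        Dim raw As Array = CType(ctx.AccessCheck("TaskAccessChecker", scope, opIds), Array)

        ' One status per operation, in the order the IDs were passed:
        ' NO_ERROR grants it, anything else (typically ERROR_ACCESS_DENIED) denies it
        For i As Integer = 0 To opNames.Count - 1
            Dim status As Integer = CInt(raw.GetValue(i))
            results(opNames(i)) = (status = NO_ERROR)
        Next
        Return results
    End Function

    ' Convenience wrapper: true only if the user is allowed every operation in the task
    Public Function IsTaskFullyAllowed(ByVal username As String, ByVal taskName As String) As Boolean
        Dim results As Dictionary(Of String, Boolean) = CheckTaskOperations(username, taskName)
        If results.Count = 0 Then Return False
        For Each allowed As Boolean In results.Values
            If Not allowed Then Return False
        Next
        Return True
    End Function
End Class
```

Usage is `New TaskAccessChecker(_azApp).CheckTaskOperations(User.Identity.Name, "ApproveInvoice")` after the store has been opened as shown earlier. Because the whole task is checked against one context, a user whose AD group membership grants the role is evaluated consistently for every operation, and the per-operation status codes let the UI show exactly which parts of a task are unavailable instead of collapsing the answer to a single yes or no.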