16.8. Summary

AuthorizationStoreRoleProvider maps most RoleProvider functionality (with the exception of the FindUsersInRole method) onto the Authorization Manager (AzMan) feature of Windows Server 2003 domains. The provider works with AzMan policy stores located in Active Directory, ADAM or ADLDS (in Windows Server 2008), Microsoft SQL Server (Microsoft SQL Server 2000 and above), or file-based policy stores. You can use the provider in both ASP.NET and non-ASP.NET applications. If you want to use the provider in partially trusted applications, though, there are a number of restrictions around using file-based, directory-based, and Microsoft SQL Server database-based policy stores.

Using a directory-based, database-based, or file-based AzMan policy store with the provider is straightforward. After the AzMan policy store has been created and populated, you need to grant access to the store. With the appropriate access rights (NTFS rights for the file-based policy store and AzMan-specific roles for directory-based and database-based policy stores), AuthorizationStoreRoleProvider can then connect to the AzMan policy store. The provider carries out its operations in the context of either a specific AzMan application or an AzMan scope.
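The following web.config fragment shows how those pieces fit together: one provider bound to a file-based store at the application level, and a second bound to a directory-based store and narrowed to a scope. It is an added illustration, not configuration from the book; the store paths, server name, and the provider, application, and scope names are constructed placeholders.

```xml
<configuration>
  <connectionStrings>
    <!-- Constructed placeholder: file-based policy store.
         The process identity needs NTFS rights on this file. -->
    <add name="AzManFileStore"
         connectionString="msxml://~/App_Data/ExampleStore.xml" />

    <!-- Constructed placeholder: directory-based policy store.
         The connecting identity needs an AzMan-specific role on the store. -->
    <add name="AzManDirectoryStore"
         connectionString="msldap://ldap.example.test/CN=ExampleStore,CN=Program Data,DC=example,DC=test" />
  </connectionStrings>

  <system.web>
    <roleManager enabled="true" defaultProvider="AzManAppLevel">
      <providers>
        <!-- Role operations run in the context of one AzMan application. -->
        <add name="AzManAppLevel"
             type="System.Web.Security.AuthorizationStoreRoleProvider"
             connectionStringName="AzManFileStore"
             applicationName="ExampleApp" />

        <!-- Role operations run in the context of one scope
             inside that AzMan application. -->
        <add name="AzManScoped"
             type="System.Web.Security.AuthorizationStoreRoleProvider"
             connectionStringName="AzManDirectoryStore"
             applicationName="ExampleApp"
             scopeName="ExampleScope" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

Keeping the store location in connectionStrings and the application and scope on the provider entry lets you review which identity needs which access right per store, separately from which part of the policy each provider can see.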

Even though the RoleProvider class does not expose the concept of role nesting, if you have structured your AzMan policy store with any of its nesting features, the GetRolesForUser and IsUserInRole methods will correctly reflect the ...
