If AzMan is chosen for role-based security management, then a role provider must be configured, typically by the Application Security Wizard. Role provider connection strings are used by the AzMan API to connect to the policy store which can reside in an XML file or in the Active Directory.
One role provider always should be set as the default. Role providers are populated from your application’s Web.config file if any are configured there. Invalid role provider connection strings make the AzMan policy store unreachable and in some cases can cause your application to crash.
If the AzMan policy store is not available when configuring security via the Application Security Wizard, no roles will be populated (visible) except standard roles such as ‘everyone’, ‘no one’, and ‘signed-in only’. Hence role configuration is possible only when the Application Security Wizard can reach the AzMan policy store.
Actual role names are stored in text format in these tags:
<WUG> -- Windows User Groups
<AM> -- AzMan
AzMan role management operates similarly to Windows User Groups with the only difference is that user’s roles are retrieved from the AzMan policy store instead of Active Directory groups. Application users still are authenticated against the default provider or specific provider if the specific domain is a part of the user name, but roles relate to all domains. However, in AzMan when you assign users to roles, the user name has the format of [email protected], so when the application requests access for this user, the domain name must also match.
Configuring Your System for Application Security
Configuring Microsoft IIS and IIS Express for Application Security
Active Directory Role Management
Configuring Microsoft Active Directory
Microsoft Authorization Manager (AzMan) Role Management
Configuring Microsoft Authorization Manager (AzMan)
Microsoft SharePoint Authentication and Authorization
Handling SQL Injection Attacks