Microsoft Authorization Manager (AzMan) Role Management

If AzMan is chosen for role-based security management, then a role provider must be configured, typically by the Security Wizard.  Role provider connection strings are used by the AzMan API to connect to the policy store, which can reside in an XML file or in Active Directory.

One role provider should always be set as the default.  Role providers are populated from your application’s Web.config file if any are configured there.  Invalid role provider connection strings make the AzMan policy store unreachable and in some cases can cause your application to crash.
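A pre-deployment check for the failure described above, as an added example that is not part of the original documentation: it reads a Web.config, confirms that a default role provider is set and exists, and confirms that each AzMan provider's connection string is defined and uses an AzMan store URL. It assumes the providers are the standard ASP.NET `System.Web.Security.AuthorizationStoreRoleProvider` with `msxml://` (XML file) or `msldap://` (Active Directory) store URLs; the provider names, connection string names and sample configuration are constructed.

```python
import xml.etree.ElementTree as ET

# AzMan store URL schemes for the two store types the page names
# (assumption: msxml:// for an XML file, msldap:// for Active Directory).
STORE_SCHEMES = ("msxml://", "msldap://")

def check_role_providers(web_config_xml):
    """Return a list of findings for the roleManager section; empty means OK."""
    root = ET.fromstring(web_config_xml)
    conn = {a.get("name"): a.get("connectionString", "")
            for a in root.findall("./connectionStrings/add")}
    rm = root.find("./system.web/roleManager")
    if rm is None:
        return ["no <roleManager> section"]
    findings = []
    providers = rm.findall("./providers/add")
    default = rm.get("defaultProvider")
    if not default:
        findings.append("no defaultProvider set")
    elif default not in [p.get("name") for p in providers]:
        findings.append(f"defaultProvider '{default}' is not a configured provider")
    for p in providers:
        if "AuthorizationStoreRoleProvider" not in (p.get("type") or ""):
            continue  # not an AzMan-backed provider
        name, ref = p.get("name"), p.get("connectionStringName")
        if ref not in conn:
            findings.append(f"{name}: connection string '{ref}' is not defined")
        elif not conn[ref].lower().startswith(STORE_SCHEMES):
            findings.append(f"{name}: '{conn[ref]}' is not an msxml:// or msldap:// store URL")
    return findings

# Constructed sample: the default provider is valid, but the second provider
# references a connection string that was never defined.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="AzManXml" connectionString="msxml://~/App_Data/AzManStore.xml" />
  </connectionStrings>
  <system.web>
    <roleManager enabled="true" defaultProvider="AzManXmlProvider">
      <providers>
        <add name="AzManXmlProvider" type="System.Web.Security.AuthorizationStoreRoleProvider" connectionStringName="AzManXml" applicationName="SampleApp" />
        <add name="AzManAdProvider" type="System.Web.Security.AuthorizationStoreRoleProvider" connectionStringName="AzManAd" applicationName="SampleApp" />
      </providers>
    </roleManager>
  </system.web>
</configuration>"""

if __name__ == "__main__":
    print("\n".join(check_role_providers(SAMPLE)) or "role provider configuration OK")
```

The check is static: it does not open the policy store, so a well-formed URL that points at a missing file or unreachable directory still has to be verified on the server.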

If the AzMan policy store is not available when configuring security via the Security Wizard, no roles will be populated (visible) except standard roles such as ‘everyone’, ‘no one’, and ‘signed-in only’.  Hence role configuration is possible only when the Security Wizard can reach the AzMan policy store.

Actual role names are stored in text format in these tags:

AzMan role management operates similarly to Windows User Groups; the only difference is that a user’s roles are retrieved from the AzMan policy store instead of Active Directory groups.  Application users are still authenticated against the default provider, or against a specific provider if the specific domain is part of the user name, but roles relate to all domains.  However, in AzMan when you assign users to roles, the user name has the format of, so when the application requests access for this user, the domain name must also match.

See Also

Configuring Your System for Application Security

Configuring Microsoft IIS and IIS Express for Application Security

Configuring IIS Express

Active Directory Role Management

Configuring Microsoft Active Directory

Microsoft Authorization Manager (AzMan) Role Management

Configuring Microsoft Authorization Manager (AzMan)

Microsoft SharePoint Authentication and Authorization

Data Transmission Encryption

Configuring Firewall Security

Handling SQL Injection Attacks