"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn**********************************@127.0.0. 1...
"Willy Denoyette [MVP]" <wi*************@telenet.bewrote in
news:uv*************@TK2MSFTNGP06.phx.gbl:
>You can use the AD to be used as a centralized policy store that holds
authorization policy for one or more applications.
Start here:
http://msdn2.microsoft.com/en-us/library/aa480244.aspx
to get an idea how you can use Authorization Manager as an high-end
authorization solution for .NET and native COM based applications.
Thanks - I'll take a look at AzMan.
Do you have any experience with AzMan? Is it suitable for use in
redistributable applications? What I means is are the policies easily
packaged for deployment?
Well, it depends on what kind of store you are looking for and what you mean
exactly with "packaged for deployment".
The easiest AZRoles store to deploy is the XML file type , which can be used
as policy store to describe all tasks/roles etc for an application or a
group of applications. But in general you shouldn't use this kind of store
other than for prototyping and development.
All other store types (SQL Server, ADAM, AD) can de created/updated at
deployment time from code (script or other) using the AzMan API's.
Also is the API for AzMan easy to use?
Please define "easy".
All AzMan's functionality is exposed as a set of COM interfaces.
You can use these from scripting clients like VBScript and JScrip as well as
from higher level languages like VB6, C#, VB.NET, C++ etc..
The exposed interfaces can be used for both "administration" and
"programming". That means that there is a set for administration, while an
other set is meant for "application development".
Note that AzMan is only available on W2K and XP (as redistributable) and
W2K3 and higher (as part of the OS), note also that Vista and higher include
some additional functionality.
Willy.