Windows Authorization Manager (AzMan): The Best Kept Secret…
I don’t know how many times I’ve had someone say to me that has “discovered” AzMan that they feel it is one of the best kept secrets in Windows. However, since keeping it a secret has never been in the mind of the product team, it’s time to extend its press. Authorization Manager is a technology that essentially lets the application developer remove the hard-coded authorization policy from their application and “externalize” it in a form where it can be managed by an administrator. AzMan provides a tool for managing Role-Based Access Control (RBAC) policy in the form of a MMC Snap-in. This policy can be stored in an XML file or either Active Directory or Active Directory Application Mode. Using its API in your application, you then instantiate an AzMan context, bring in the policy and perform access checks at runtime for the various authorization decisions your application needs to make. The API can also be used for you to build your own custom management tools that may better fit with your application’s deployment needs or look-and-feel.
But, rather than drilling too deeply into things here, I’m going to use this as a jumping off point for “all things AzMan.” As with any technology there’s the potential for information saturation and then possibly ending up with less information than you needed. So although I can’t/won’t mention every resource, I’ll try and bubble up for architects and developers some of the key resources to get you going and you can dig deeper from there.
To get the ball rolling, I’m announcing here a new "Demystified Series" of screencasts on Channel9 for AzMan by Keith Brown. These should get you charged up and rolling on its concepts and programming techniques. Keith says that AzMan is, “…a hidden gem in Windows that can help you build Role-Based Access Control into your applications.” I hope you find this true as well.
ADAM and AzMan:
FileHold uses AzMan and ADAM in their product, FileHold '06 and '07.
"RBAC for Multi-tier Applications Using Authorization Manager" by Dave McPherson
"Developing Applications Using Windows Authorization Manager" a most comprehensive AzMan dev resource.
AzMan Team Blog don't be without it!
Added additional screencast links - 03/08/07
Updated some links - 01/28/09