AzMan and Custom SIDs – Part 2

Custom SIDs can be added to roles or to application groups.

You will have to do that programmatically because the MMC snap-in only gives you the usual User/Group picker for local/domain accounts.

My approach is to completely configure the AzMan store (Operations, Tasks, Roles and Application Groups) with the snap-in and then add the SIDs to Application Groups through code.

How to open and close AzMan stores and applications (all error checking omitted for brevity):

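// Fields used by the methods below.
private AzAuthorizationStoreClass store;
private IAzApplication app;
private bool storeOpen;

public void OpenApplication(string StorePath, string ApplicationName)
{
  // Release a previously opened store before opening another one.
  if (storeOpen)
    CloseApplication();

  store = new AzAuthorizationStoreClass();
  // 2 = AZ_AZSTORE_FLAG_MANAGE_STORE_ONLY (open for management, not access checks)
  store.Initialize(2, StorePath, null);
  app = store.OpenApplication(ApplicationName, null);
  storeOpen = true;
}

public void CloseApplication()
{
  release(app);
  release(store);

  // Drop the references so a second call does not touch released COM objects.
  app = null;
  store = null;
  storeOpen = false;
}

// Releases a COM object until its reference count reaches zero.
void release(object o)
{
  if (null != o)
  {
    while (0 != System.Runtime.InteropServices.Marshal.ReleaseComObject(o))
      continue;
  }
}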

How to add and remove the SIDs to/from application groups:

public void AddSidToGroup(string Sid, string ApplicationGroup)
{
  IAzApplicationGroup appGroup = getApplicationGroup(ApplicationGroup);
  if (appGroup == null)
    throw new Exception("Application Group not found");

  // Sid is the SID in string form; Submit persists the change to the store.
  appGroup.AddMember(Sid, null);
  appGroup.Submit(0, null);
}

public void RemoveSidFromGroup(string Sid, string ApplicationGroup)
{
  IAzApplicationGroup appGroup = getApplicationGroup(ApplicationGroup);
  if (appGroup == null)
    throw new Exception("Application Group not found");

  appGroup.DeleteMember(Sid, null);
  appGroup.Submit(0, null);
}

// Looks up an application group by name; returns null if it does not exist.
private IAzApplicationGroup getApplicationGroup(string ApplicationGroup)
{
  foreach (IAzApplicationGroup appGroup in app.ApplicationGroups)
    if (appGroup.Name == ApplicationGroup)
      return appGroup;

  return null;
}
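Since the code above leaves out all error checking, here is an added example (not part of the original post) of the check I would put in front of AddMember: reject anything that is not a well-formed SID string and skip SIDs that are already members. SidGroupHelper and its method names are hypothetical, and the interop namespace and the shape of the Members property are assumptions noted in the comments.

```csharp
using System;
using System.Security.Principal;
// Assumption: namespace of the AzMan interop assembly. A COM reference
// generated by Visual Studio typically uses AZROLESLib instead.
using Microsoft.Interop.Security.AzRoles;

// Hypothetical helper, not from the original post.
public static class SidGroupHelper
{
    // Returns the canonical "S-1-..." form of a SID string, or throws
    // ArgumentException if the input is not a well-formed SID.
    public static string NormalizeSid(string sid)
    {
        string trimmed = (sid ?? string.Empty).Trim();

        // SecurityIdentifier also accepts two-letter SDDL abbreviations;
        // only the explicit S-1-... form is allowed here.
        if (!trimmed.StartsWith("S-1-", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("SID must be in S-1-... form", "sid");

        try
        {
            return new SecurityIdentifier(trimmed).Value;
        }
        catch (ArgumentException ex)
        {
            throw new ArgumentException("Not a valid SID string: " + trimmed, "sid", ex);
        }
    }

    // Adds the SID to the group unless it is already a member.
    // Returns true if the store was changed, false otherwise.
    public static bool AddSidIfMissing(IAzApplicationGroup appGroup, string sid)
    {
        string normalized = NormalizeSid(sid);

        // Assumption: Members comes back as an object[] of SID strings.
        object[] members = appGroup.Members as object[] ?? new object[0];
        foreach (object member in members)
            if (string.Equals(member as string, normalized, StringComparison.OrdinalIgnoreCase))
                return false;

        appGroup.AddMember(normalized, null);
        appGroup.Submit(0, null);
        return true;
    }
}
```

AddSidToGroup could call SidGroupHelper.AddSidIfMissing(appGroup, Sid) in place of its AddMember/Submit pair, so malformed input never reaches the store.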

Part 3 will show how to use that store from the application to do access checks and some management.
