in this last part i’ll show you the code to do access checks against an AzMan store with custom SIDs.
first, you authenticate the username/password against the database and get the SID in return.
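
    public string Authenticate(string Username, string Password)
    {
        // look up the per-user salt (stored base64-encoded)
        string salt = getSalt(Username);
        byte[] saltBytes = Convert.FromBase64String(salt);

        // hash the supplied password with that salt
        string passwordHash = generateHash(Password, saltBytes, 64);

        // checkPassword fills in the SID only when the hash matches
        string sid = "";
        if (checkPassword(Username, passwordHash, ref sid))
            return sid;

        // authentication failed: no SID, so no client context can be created
        return null;
    }
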
after that you can open the AzMan store and create a client context with the returned SID.

    IAzClientContext context = app.InitializeClientContextFromStringSid(sid, 1, null);

Note the second parameter. the 1 turns off checking of the SIDs against the Windows User Store. the constant is called AZ_CLIENT_CONTEXT_SKIP_GROUP and its value is set to 1 in azroles.h. since AzMan no longer validates the SID, the only thing vouching for it is your own Authenticate call.
you can then pass this client context to the access check functions of AzMan. the AccessCheck API is quite ugly to use. the AzMan COM component is made to be used from all COM-enabled languages, including scripting, so you often have to deal with VARIANTs and that kind of stuff…
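
    public bool accessCheck(IAzClientContext ctx, int operationID)
    {
        const int NO_ERROR = 0;

        // AccessCheck takes VARIANT arrays, so everything is wrapped in object[]
        object[] operations = { operationID };
        object[] scopes = { "" };

        // the first argument is the object name that shows up in the audit log;
        // one result code comes back per requested operation
        object[] results = (object[])
            ctx.AccessCheck("Audit Text", scopes, operations, null, null, null, null, null);

        // NO_ERROR means the operation is allowed, anything else is a denial
        int result = (int)results[0];
        return NO_ERROR == result;
    }
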
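
the two steps above combined and extended to several operations in one AccessCheck call, as an added example (not code from the original post). it assumes the project references the AzMan interop assembly (namespace Microsoft.Interop.Security.AzRoles); the class and method names AzManChecks and AllowedOperations are hypothetical. anything unexpected grants nothing.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Microsoft.Interop.Security.AzRoles; // assumption: AzMan interop assembly is referenced

public static class AzManChecks // hypothetical helper, not part of AzMan
{
    // value from azroles.h as noted above: do not resolve the SID against Windows
    const int AZ_CLIENT_CONTEXT_SKIP_GROUP = 1;
    const int NO_ERROR = 0;

    // returns the subset of operationIds the SID may perform.
    // a missing SID, a COM error or an unexpected result shape grants nothing;
    // other exceptions propagate to the caller, which also grants nothing.
    public static HashSet<int> AllowedOperations(IAzApplication app, string sid, int[] operationIds)
    {
        var allowed = new HashSet<int>();
        if (string.IsNullOrEmpty(sid) || operationIds == null || operationIds.Length == 0)
            return allowed; // Authenticate() returned null: never build a context

        IAzClientContext ctx = null;
        try
        {
            ctx = app.InitializeClientContextFromStringSid(sid, AZ_CLIENT_CONTEXT_SKIP_GROUP, null);
            object[] operations = Array.ConvertAll(operationIds, id => (object)id);
            object[] scopes = { "" }; // default (application-level) scope
            var results = ctx.AccessCheck("Audit Text", scopes, operations,
                                          null, null, null, null, null) as object[];
            if (results == null || results.Length != operations.Length)
                return allowed; // cannot map results to operations: deny all

            for (int i = 0; i < results.Length; i++)
                if (results[i] is int && (int)results[i] == NO_ERROR)
                    allowed.Add(operationIds[i]);
        }
        catch (COMException)
        {
            allowed.Clear(); // store or COM failure: deny all
        }
        finally
        {
            if (ctx != null) Marshal.ReleaseComObject(ctx); // release the COM context
        }
        return allowed;
    }
}
```
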
so, this is a very basic example. the AzMan API has a lot more possibilities. check the documentation and the links i posted before.
