AzMan and Custom SIDs – Part 3

In this last part I'll show you the code to do access checks against an AzMan store with custom SIDs.

First, you authenticate the username/password against the database and get the SID in return.

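public string Authenticate(string Username, string Password)
{
    // look up the salt stored for this user
    string salt = getSalt(Username);
    byte[] saltBytes = Convert.FromBase64String(salt);

    // hash the supplied password with the user's salt
    var passwordHash = generateHash(Password, saltBytes, 64);
    string sid = "";

    // checkPassword fills in sid when the hash matches
    if (checkPassword(Username, passwordHash, ref sid))
        return sid;

    return null;
}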

After that you can open the AzMan store and create a client context with the returned SID.

IAzClientContext context = app.InitializeClientContextFromStringSid(sid, 1, null);

Note the second parameter: the 1 turns off checking of the SIDs against the Windows user store. The constant is called AZ_CLIENT_CONTEXT_SKIP_GROUP and its value is set to 1 in azroles.h.

You can then pass this client context to the access check functions of AzMan. The AccessCheck API is quite ugly to use. The AzMan COM component is made to be used from all COM-enabled languages, including scripting, so you often have to deal with VARIANTs and that kind of stuff…

public bool accessCheck(IAzClientContext ctx, int operationID)
{
    const int NO_ERROR = 0;
    object[] operations = { operationID };
    object[] scopes = { "" };

    // AccessCheck returns one result per requested operation
    object[] results = (object[])ctx.AccessCheck(
        "Audit Text", scopes, operations, null, null, null, null, null);

    // NO_ERROR (0) means the operation is allowed
    int result = (int)results[0];
    return NO_ERROR == result;
}

So, this is a very basic example. The AzMan API has a lot more possibilities. Check the documentation and the links I posted before.
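The steps above put together, as an added example that is not code from the original post: it opens the store, creates the client context from the custom SID and fails closed on any error. It assumes a reference to the AzMan primary interop assembly (Microsoft.Interop.Security.AzRoles); `CustomSidAccessCheck`, `IsAllowed`, `storeUrl` and `appName` are hypothetical names.

```csharp
using System;
using System.Runtime.InteropServices;
using Microsoft.Interop.Security.AzRoles;   // assumption: AzMan interop assembly is referenced

public static class CustomSidAccessCheck
{
    const int AZ_CLIENT_CONTEXT_SKIP_GROUP = 1;   // value from azroles.h
    const int NO_ERROR = 0;

    // storeUrl, appName and operationId are supplied by the caller (hypothetical parameters).
    // sid must be the value returned by Authenticate(): with SKIP_GROUP the SID is not
    // checked against the Windows user store, so it must never come from client input.
    public static bool IsAllowed(string storeUrl, string appName, string sid, int operationId)
    {
        if (string.IsNullOrEmpty(sid))
            return false;                          // Authenticate() returned null: deny

        AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
        IAzApplication app = null;
        IAzClientContext ctx = null;
        try
        {
            store.Initialize(0, storeUrl, null);   // 0 = open an existing store
            app = store.OpenApplication(appName, null);
            ctx = app.InitializeClientContextFromStringSid(
                sid, AZ_CLIENT_CONTEXT_SKIP_GROUP, null);

            object[] scopes = { "" };              // same scope as in the post
            object[] operations = { operationId };
            object[] results = (object[])ctx.AccessCheck(
                "Audit Text", scopes, operations, null, null, null, null, null);

            // one result per operation; anything other than NO_ERROR is a denial
            return results.Length == 1 && (int)results[0] == NO_ERROR;
        }
        catch (COMException)
        {
            return false;                          // store, application or SID problem: fail closed
        }
        finally
        {
            // release the COM objects deterministically
            if (ctx != null) Marshal.FinalReleaseComObject(ctx);
            if (app != null) Marshal.FinalReleaseComObject(app);
            Marshal.FinalReleaseComObject(store);
        }
    }
}
```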
