16.1. Provider Design

The AuthorizationStoreRoleProvider is a wrapper around a subset of the functionality available in Authorization Manager. The provider is supported for use in ASP.NET applications and non-ASP.NET applications. Although the provider depends on Authorization Manager, you can use it with Windows-authenticated and forms-authenticated websites. All of the samples in this chapter use forms authentication and ActiveDirectoryMembershipProvider in conjunction with AuthorizationStoreRoleProvider.

Authorization Manager is a feature that was first shipped as part of Windows Server 2003, and it supports role-based and "operation-based" security, and also ships with Windows Server 2008 with several new enhancements. There is also a runtime component that you can install that enables AzMan on Windows 2000 and Windows XP. AzMan supports role-based security because that has been the most prevalent type of security used by developers. It also introduced the concepts of tasks and operations that can be used to model more granular "things," which themselves can be authorized. For example, with AzMan, you could create an operation called UpdateAccountData, and then within your application you could ask AzMan if the current user has rights to UpdateAccountData. This is an elegant approach to the common authorization problem of separating authorization administration (adding users to roles, assigning users rights to operations) from the security model of "things" that can be authorized. ...

Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.