> Hi Greg, did you manage to solve this issue? The following page seems to
> indicate it can still be done via the Enterprise Library
>
> http://stackoverflow.com/questions/14229771/azman-obsolete-what-is-the-new-alternative-to-azman

I have officially given up on using AzMan. I thought it would be as easy as making the rules (which is really easy in the msc plugin), then referencing a library and making a few calls. I was going well until I couldn't find the library and the public methods didn't match any of the sample code, not even code in MSDN magazine articles or Keith Brown's book <http://www.amazon.com/NET-Developers-Guide-Windows-Security/dp/0321228359>.

If EntLib has a wrapper around azman.dll then that's too bad, as I'm not going back to using that bloated mess. I had to use EntLib years ago due to a dependency from netTiers, and it just cluttered things up (a poor decision by the template authors, I think).

For years I thought that AzMan was just a database combined with an API, the sort of thing any of us could write, but I suspect now that it was a wrapper over the non-trivial AuthZ API <http://msdn.microsoft.com/en-us/library/windows/desktop/ff394773(v=vs.85).aspx> which exposes the kernel-mode SRM (Security Reference Monitor) model in user-mode.

Years ago I asked in here if there was a way of using ACLs to protect arbitrary application-defined objects (as we did on IBM mainframes with RACF). I think the answer was "no" or "it's really hard" as you'd have to manage and serialize the ACLs yourself, so the Windows security model is not easily extensible for use in applications. I further suspect now that AzMan was designed to bridge this gap, but advertising for it was misleading or sparse and it never became popular in communities like this.

If anyone has insider knowledge and can confirm or deny what I've said, then I'm all ears!

*Greg K*
