4

What is the current guidance on managing authorisation in a .NET application?

Specifically whether to use Authorization Manager (AzMan), Windows Identity Foundation (WIF) or a combination of the two.

The Identity Team last mentioned the two in 2009, but never responded to the comments asking for examples of an 'authorization plugin' (and the team's blog has been quiet since 2011)

There's also a passing mention in A Guide to Claims based Identity and Access Control (2nd Edition), in the section Claims-Based Architectures, but again just that "Your application can then map those roles onto fine-grained permissions with tools such as Windows Authorization Manager", with no detail or examples given.

David Gardiner
  • 16,892
  • 20
  • 80
  • 117

1 Answers1

2

If you Google for Azman, you'll see references for Windows 2008. ASP.NET 2.0 etc. and the last entry in the AzMan blog was something like 7 years ago. In other words, not a lot is happening with it. It is however, still supported.

WIF is part of the claims-based approach that Microsoft is moving to e.g. ADFS, SharePoint, CRM Dynamics, Office 365, Azure are all now claims-based.

So for future proofing, go with WIF.

If you use WIF with ADFS, you can configure ADFS to map the AD groups to roles so you can use "IsInRole" in your code.

rbrayb
  • 46,440
  • 34
  • 114
  • 174
  • Thanks. Would be nice if there was a 'migrating from AzMan to WIF' guide :-) – David Gardiner Jun 15 '14 at 23:59
  • Yeah - many requests for that - also http://blogs.msdn.com/b/card/archive/2009/10/20/how-geneva-helps-with-access-control-and-what-is-its-relationship-to-azman.aspx – rbrayb Jun 16 '14 at 00:52
  • http://nzpcmad.blogspot.co.nz/2016/04/claims-azman-in-new-claims-based-world.html – rbrayb Apr 21 '16 at 19:14