New AzMan Developer Whitepaper

The AzMan developer whitepaper is now available. This is over 100 pages of AzMan Development info. Here’s the link


Here’s the outline:


Introduction to Developing Authorization Manager Solutions
   Executive Summary
   Application Authorization Challenges
   Windows Authorization Manager
Application Security Design
   Application Authentication Model
   Determining an Application Authentication Model
Designing an Authorization Manager Solution
   Identifying Resources and Operations
   Determine Scoping Model
   Determining Management Model
Implementing an Authorization Manager Solution
   Store and Application Initialization
   Client Context Initialization
   Access Validation
   Updating Policy
   Environment-Specific Design Considerations
Deployment Considerations for Developers
   Authorization Manager Availability
   Deployment Approaches
   Application Installation
   Active Directory Storage
   Using ADAM as a Store for Authorization Manager Policy
   Authorization Manager Transactional and Concurrence Situation
   Delegation of Administration
   Troubleshooting the ASP.NET Authorization Manger Store Provider
   Troubleshooting ADAM Access with Active Directory
   Additional Resources

Comments (6)

  1. Catho says:

    Hi Dave,

    finally there is a good resource where to get information for AzMan Developers.

    I want ask you if are supported the Application Groups in Scopes when the policy store is Adam.

    When I try to create Application Groups  (in Scopes) they are right created, but when I close the AzMan MMC and reopen they disappear. I looked with Adam Adsi Edit MMC that they are present. I tried with an Xml store and everything is ok.

    My configuration is Windows 2003 Std. sp1 with Adam sp1.

    Best Regards


  2. davemm says:

    Hi Catho,

    Yes application groups are supported in ADAM. This is a puzzling problem. One thing that is possible is that you have two ADAM instances and there is a replication delay and when you reconnect you getting the ADAM instance that has not had the changes yet.



  3. smorganburntsand says:

    SSRS supports security extensions and I am wondering if there is any reason that AZMan could not be used in this capacity to replace the default ssrs authentication and authorization mechanism.

  4. davemm says:

    Hi smorganburntsand,

    I’m not an expert in SSRS but AFAIK there is no reason you could not integrate AzMan and SSRS. Several customers have experimented with it and I heard of no problems.



  5. Catho says:

    Hi Dave,

    I made some tests and saw that on that configuration (AdamSp1 on Win2003 Sp1 with any replica on port 389) Application Groups in Scopes are not shown in the console (After closing and reopening the console they disappear).  If I open the same policy store from Windows XP does work.

    Have you any ideas ?

    Best Regards


  6. davemm says:

    Hi Catho,

    You may be hitting this issue:

    In which case there is a fix.

    I hope that’s it 🙂