Custom Authentication with AzMan – (A note on SID datatype)

There are multiple ways to implement custom authentication with AzMan, but if you are using an approach with custom SIDs (security identifiers), you should be aware of the data type for a SID.

Each sub-authority is a ULONG (32-bit) numeric value, which means numbers less than 4294967295 and no hex characters. So the format recommended for a custom SID is S-1-9-1-1 through S-1-9-4294967295-4294967295. There is no validation based on sub-authority either: for example, S-1-5 isn't evaluated in AzMan any differently from any other, but you run the risk of collision with well-known SIDs or production AD SIDs. (Thanks Sudheer!)
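A check for the recommended format before a custom SID is stored or handed to AzMan, as an added example that is not code from the original post or from AzMan itself. The class name `CustomSid`, the method `Check`, and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Globalization;

// Added example; CustomSid and its members are hypothetical names.
public static class CustomSid
{
    private const string Prefix = "S-1-9-";   // format recommended in the post

    // Returns null when sid is S-1-9-<sub1>-<sub2> with both sub-authorities
    // plain decimal in 1..4294967295; otherwise returns the reason it was rejected.
    public static string Check(string sid)
    {
        if (sid == null || !sid.StartsWith(Prefix, StringComparison.Ordinal))
            return "not under S-1-9 (risk of collision with well-known or AD SIDs)";

        string[] subs = sid.Substring(Prefix.Length).Split('-');
        if (subs.Length != 2)
            return "expected exactly two sub-authorities";

        foreach (string s in subs)
        {
            // NumberStyles.None allows decimal digits only (no sign, spaces or hex),
            // and uint.TryParse fails on anything above 4294967295.
            uint value;
            if (!uint.TryParse(s, NumberStyles.None, CultureInfo.InvariantCulture, out value)
                || value == 0)
                return "sub-authority '" + s + "' is not a decimal ULONG in 1..4294967295";
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample values, not taken from any real directory.
        string[] samples = { "S-1-9-1-1", "S-1-9-4294967295-4294967295",
                             "S-1-9-4294967296-1", "S-1-9-1F-2", "S-1-5-21-1" };
        foreach (string sid in samples)
        {
            string reason = Check(sid);
            Console.WriteLine(sid + (reason == null ? " ok" : " rejected: " + reason));
        }
    }
}
```

Because AzMan itself does not validate sub-authorities, a check like this belongs in the code that mints custom SIDs, so that an overflowing or hex-formatted value is caught before it reaches the policy store.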






Comments (2)

  1. Craig says:

    Hi, can you point me to the article on Custom Auth with AzMan?

    Here’s my scenario – client has Membership (System.Web.Security.Membership) rolled out, configured to use SQL Server to store the users instead of Active Directory.

    Membership doesn’t provide the granular control required for their application, so I’m investigating alternatives. I like the way AzMan gives you that control; is there any way I could merge the two technologies? i.e. give them the ability to use Membership as is to manage authentication against a SQL store, and then use the granular Auth capabilities of AzMan – or am I asking too much 😉



  2. dc995 says:

    Developing Applications Using Windows Authorization Manager

    David Crawford, Dave McPherson

    Contributors: Durga Prasad Sayana, Mei Wilson, Shawn Wu, Sudheer Mamidpaka, Sunil Gottumukala, Sunil Kadam, Chris Jackson, Eric Huebner

    Microsoft Corporation

    August 2006