

Custom Authentication with AzMan - (A note on SID datatype)

There are multiple ways to implement custom authentication with AzMan, but if you are using an approach with custom SIDs (security identifiers), you should be aware of the data type for a SID.

Each sub authority is a numeric value of type ULONG (32-bit), which means numbers less than 4294967295 and no hex characters. The format recommended for a custom SID is therefore S-1-9-1-1 through S-1-9-4294967295-4294967295. There is no validation based on sub authority either; for example, S-1-5 isn't evaluated in AzMan any differently from any other, but you run the risk of collision with well-known SIDs or production AD SIDs. (Thanks Sudheer!)

 

Regards,

David
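
The constraints described in the post, as an added example (not code from the original post or from AzMan): a Python check that a custom SID stays inside the recommended S-1-9 range, plus the standard binary SID packing, which shows why each sub authority is limited to 32 bits. The function names and sample SIDs are constructed for illustration, and the check assumes the two-sub-authority form shown in the post.

```python
import re
import struct

ULONG_MAX = 4294967295          # largest value a 32-bit sub authority can hold
CUSTOM_AUTHORITY = 9            # the S-1-9 authority recommended in the post
_DECIMAL = re.compile(r"[0-9]+\Z")   # ASCII decimal digits only, so no hex


def parse_custom_sid(text):
    """Return the sub authorities of a custom SID, or raise ValueError."""
    parts = text.split("-")
    if len(parts) != 5 or parts[:2] != ["S", "1"]:
        raise ValueError("expected S-1-9-<n>-<n>: %r" % text)
    if not all(_DECIMAL.match(p) for p in parts[2:]):
        raise ValueError("non-decimal field (hex is not accepted): %r" % text)
    authority, subs = int(parts[2]), [int(p) for p in parts[3:]]
    if authority != CUSTOM_AUTHORITY:
        # AzMan itself would not object; this guards against colliding with
        # well-known or Active Directory SIDs such as those under S-1-5.
        raise ValueError("authority %d is outside S-1-9: %r" % (authority, text))
    for value in subs:
        # Lower bound of 1 follows the post's range, which starts at S-1-9-1-1.
        if not 1 <= value <= ULONG_MAX:
            raise ValueError("sub authority %d does not fit the range" % value)
    return subs


def to_binary(text):
    """Pack a validated custom SID into the binary SID layout."""
    subs = parse_custom_sid(text)
    header = struct.pack(">BB", 1, len(subs))             # revision, count
    authority = CUSTOM_AUTHORITY.to_bytes(6, "big")       # 48-bit authority
    # Each sub authority is stored as a 4-byte little-endian unsigned integer.
    return header + authority + struct.pack("<%dI" % len(subs), *subs)


def check(text):
    """Return 'ok' or the rejection reason, for use in a provisioning script."""
    try:
        parse_custom_sid(text)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for sample in ("S-1-9-1-1", "S-1-9-4294967295-4294967295",
                   "S-1-9-4294967296-1", "S-1-9-0x1F-7", "S-1-5-21-1004"):
        print(sample, "->", check(sample))
```

Running the check at the point where custom SIDs are generated or imported catches overflowed, hex-formatted, or S-1-5-prefixed values before they reach the AzMan store.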

Comments

  • Anonymous
    September 06, 2007
    Hi, can you point me to the article on Custom Auth with Azman? Here's my scenario - client has Membership (System.Web.Security.Membership) rolled out configured to use sql server to store the users instead of Active Directory. Membership doesn't provide that granular control required for their application, so I'm investigating alternatives. I like the way AZMan gives you that control, is there any way I could merge the two technologies? i.e. Give them the ability to use Membership as is to manage authentication against a sql store, and then use the granular Auth capabilities of AzMan - or am I asking too much ;-) Thanks! Craig

  • Anonymous
    October 24, 2007
    Developing Applications Using Windows Authorization Manager. David Crawford, Dave McPherson. Contributors: Durga Prasad Sayana, Mei Wilson, Shawn Wu, Sudheer Mamidpaka, Sunil Gottumukala, Sunil Kadam, Chris Jackson, Eric Huebner. Microsoft Corporation, August 2006. http://msdn2.microsoft.com/en-us/library/aa480244.aspx