如何利用azMan (Authorization Manager) 实现 role-based的安全验证机制

在WCF中如何配置基于asp.net role的授权机制，看了些时日，总算有点眉目了 。

以下是一个典型的通过自定义的role-based (principalPermissionMode=UseAspNetRoles)来进行授权的WCF  service config file.

xml version="1.0" encoding="utf-8" ?>

<configuration>

    <system.serviceModel>



        <behaviors>

            <serviceBehaviors>

                <behavior name='ServiceBehavior'>

                    <serviceAuthorization  principalPermissionMode='UseAspNetRoles' roleProviderName='AuthorizationStoreRoleProvider' />

                    <serviceMetadata httpGetEnabled ='true'/>

                behavior>

            serviceBehaviors>

            

        behaviors>



        <services>

            <service name="Service.ResourceAccessServiceType"

                     behaviorConfiguration='ServiceBehavior'>

                <host>

                    <baseAddresses>

                        <add baseAddress='net.tcp://localhost:9000/Woodgrove'/>

                        <add baseAddress='http://localhost:8000/Woodgrove'/>

                    baseAddresses>

                host>

                <endpoint address="ResourceAccess"

                          binding="netTcpBinding"

                          contract="Service.IResourceAccessContract" />

                <endpoint address="mex"

                          binding="mexHttpBinding" 

                          contract="IMetadataExchange" />

            service>





        services>



        

    system.serviceModel>

    

    



    

    <system.web>

        <roleManager defaultProvider="AuthorizationStoreRoleProvider" 

                     enabled="true"

                     cacheRolesInCookie="true"

                     cookieName=".ASPROLES"

                     cookieTimeout="30"

                     cookiePath="/"

                     cookieRequireSSL="false"

                     cookieSlidingExpiration="true"

                     cookieProtection="All"  >

            <providers>

                <clear />

        <add

           name="AuthorizationStoreRoleProvider"

           type="System.Web.Security.AuthorizationStoreRoleProvider"

           connectionStringName="AuthorizationServices"

           applicationName="RoleProvider" />

        

            providers>

        roleManager>

    system.web>



    

    <connectionStrings>

        <add 

            name="AuthorizationServices" 

connectionString="msxml://D:documentationAuthorizationStore.xml" />

    connectionStrings>

    

configuration>

 

而通过azMan生成的授权配置 xml文件（该文件路径：D:documentationAuthorizationStore.xml）如下

xml version="1.0" encoding="utf-8"?>

<AzAdminManager MajorVersion="1" MinorVersion="0">

    <AzApplication Guid="ce0032aa-9b1a-4243-b065-ee654d1ec90d" Name="RoleProvider" Description="" ApplicationVersion=""><AzOperation Guid="497d2e02-18d4-49d2-b8ef-88bc58828509" Name="SomeOperation" Description=""/><AzTask Guid="c1ca5e81-099b-4ba0-ab94-d3c9ed583b72" Name="Manager" Description="" BizRuleImportedPath="" RoleDefinition="True"/><AzTask Guid="a9dfdf2b-fe2a-4573-93e0-28a2e2afe234" Name="StaffMember" Description="" BizRuleImportedPath="" RoleDefinition="True"/><AzRole Guid="2381420b-45e9-4c27-9fd5-299e241aa4df" Name="Manager"><TaskLink>c1ca5e81-099b-4ba0-ab94-d3c9ed583b72TaskLink><Member>S-1-5-21-2146773085-903363285-719344707-661121Member>AzRole><AzRole Guid="36e60ed8-fc70-4b12-9353-95a96e13e431" Name="StaffMember"><TaskLink>a9dfdf2b-fe2a-4573-93e0-28a2e2afe234TaskLink><Member>S-1-1-0Member>AzRole>AzApplication>AzAdminManager>

 

那么，什么是azMan,如何配置？这里推荐一片极好的文章，讲解了如何利用azMan对于中间层的.net 应用程序实现role-based的身份安全验证机制。

链接地址如下:http://msdn.microsoft.com/zh-cn/magazine/cc300469(en-us).aspx