是否有人将 Windows 授权管理器 (AzMan) 用于“未开发”项目?如果是这样,在 ASP.NET 应用程序中使用该技术作为成员资格/角色提供者有什么好处?
问问题
6170 次
2 回答
7
答案似乎是否定的。没有人回答过这个问题,2004 年发布的一个博客问题以及最近的一些评论似乎传达了人们的主要负面经历。NetSqlAzMan值得研究。
http://weblogs.asp.net/lorenh/archive/2004/02/24/79218.aspx
链接中的一些选择评论:
1.
Udi Dahan - The Software Simplist 说: 前段时间在本地 .Net 用户组看到它。看起来不错,除了互操作。
另一件事是能够执行实际上只是脚本的“业务任务”。
如果互操作消失,并且能够为业务任务调用 .Net 代码,这将是真正的杀手锏。
2.
Chris Bilson 说:我们已经将它完全集成到我们的 ASP.NET 应用程序中。当您定义了很多操作并进行大量授权检查时,Interop 部分真的很糟糕。这是一个真正的性能杀手。
我有自己的包装类,在执行访问检查时调用我的“业务任务”。
我感到有点沮丧,没有关于这个工具的更多信息,因为我同意这是摆脱对我的应用程序的硬编码角色检查的好方法——由于不同的客户定义,这在我的情况下是不可接受的什么是“经理”以及他们可以做什么。
3.
Dominick Baier 说:嗨,
我爱阿兹曼!我在 www.leastprivilege.com 上写了一些东西——尤其是使用非 Windows 帐户的能力非常酷!
多米尼克
4.
Mathertel 说:是的,我们在 .NET Web 应用程序中使用它,构建了一个包装器和一堆额外的工具来使用(MMC 管理单元中缺少很多工具)
5.
Tom Bruns said: I have used AzMan extensively in a large .NET Web application. I think that the conceptual model is very good. However, there is alot of "lessons learned" concerning how to correctly architect the application to use it relative to performance, ongoing maintaince of the policy store, interaction with ADAM etc. If I can be of any help please feel free to email me. Replace nospam with com in my email address. Used correctly it can perform very well.
6.
Horea Hopartean said: We tried to use it and keep its repository on a Win2003 AD, but at 10000 users it took 13 (thirteen) seconds to do an OpenApplication call.
That and the ugly API may be good reasons why it hasn't got any traction so far :)
7.
news75 said: Hi, I have the same problem.
I'm comparing Visual Guard, AzMan, NetSqlAzMan and the feature provided from the framework .net 3.0.
At the moment I'm prefering NetSqlAzMan. It's well integrated with .net framework, the comunity is active, is Open Source. Yes there are some limitation: Only Window or custum Authentication and Microsoft SQLManager, but...
I'm wondering: why this argument is so underestimates!?
8.
Riverway said: I am developing an Enterprise RBAC system using Azman with AD store. To overcome the slow performance, I wrote a wrapper class which access directly Azman in AD's OU structure using LDAP query. Another thing to mention is that Azman of Windows Server 2008 version has capability to create data store in SQL2008 database. My biggest complain is that Security Dialog for any resources (folders, disks, etc) does not recognize Azman defined groups or roles as available identity. This makes really difficult to integrate RBAC which encompass ERP and other enterprise roles AND Windows Resource Access Control at the same time unless you write an application which can write on AD directly.
9.
James said: We used azman on our project and it sucks. We've had a ton of problems with interoperability, and it didn't work for our developers using Win7 when the .xml file was made on a win2003 machine. We even went as far as reporting a bug to Microsoft. It does a ton of COM BS like randomly not working and saying E_INVALIDARG, whatever that means. This is one of the technologies I want to remove from our project when I get a chance.
于 2011-05-26T05:36:58.143 回答
2
We have been using NetSqlAzMan for a few years, and it works very well for us. If you are looking for a windows authorization tool, go with NetSqlAzMan.
AzMan from Microsoft is dead.
于 2012-01-05T19:42:11.530 回答