A while back I posted about how we're implementing denials using AzMan. This week, a helpful reader pointed out that with a little extra math, I could save a call into AzMan (with all the attendant COM interop, etc.).
So, instead of my previous
object[] grantOps = new object[] { (object)1, (object)2, (object)3, (object)4};
object[] denyOps = new object[] { (object)100001, (object)100002, (object)100003, (object)100004 };
object[] grantResults = (object[])client.AccessCheck("check for grant", scopes, grantOps, null, null, null, null, null);
object[] denyResults = (object[])client.AccessCheck("check for deny", scopes, denyOps, null, null, null, null, null);
for (int i = 0; i < grantResults.Length; i++)
{
if(((int)grantResults[i] == 0) && ((int)denyResults[i] != 0))
Console.WriteLine("Grant");
else
Console.WriteLine("Deny");
}
I can do it in one call like so
object[] allOps = new object[8];
grantOps.CopyTo(allOps, 0);
denyOps.CopyTo(allOps, 4);
object[] allResults = (object[])client.AccessCheck("check for grant and deny", scopes, allOps, null, null, null, null, null);
for(int j = 0; j < grantOps.Length; j++)
{
if (((int)allResults[j] == 0) && ((int)allResults[j + grantOps.Length] != 0))
{
Console.WriteLine("Grant");
}
else
Console.WriteLine("Deny");
}
It does mean you have to be a little careful about getting the indexes straight, but that's probably worth the savings you'll get by not making the extra COM call.
Every little bit helps...