# Wednesday, January 31, 2007

If you are working with AzMan at all, the best resource I've found so far that you'll want to check out is Developing Applications Using Windows Authorization Manager from MSDN.  It includes a very comprehensive set of info on working with AzMan using Windows, ADAM, or custom principals, on using AzMan from ASP.NET, and general info on authorization strategy and policy.

There are lots of code samples included in the document, including code for doing access checks using ADAM principals, and some for writing AzMan "BizRules" in managed code.

Good stuff.

# Monday, January 29, 2007

Yesterday we had a party for the 10th Anniversary of the CERT program here in Hillsboro.  We had many more people than I had expected show up, to whom we provided free spiffs, literature on disaster preparedness, and lots of nifty door prizes including tools, hats, etc.  Plus safety-related games for the kids.  And there was cake.

A good time was had by all.  Here's to 10 more...

# Thursday, January 25, 2007

Not so good. 

Update:  I did get WMP to work, after installing the "Media Services" for 2003 server from the "Add Windows Components" dialog.  Still no go with Rhapsody.  Interestingly enough, QuickTime doesn't work either...

I've recently had to upgrade my development box to Windows 2003 Server, because some of the work I'm doing with ADAM and AzMan requires 2003 or Vista (and I'm not quite ready to go there, nor is our IT department).  I can't get the Rhapsody client to install at all on 2003 server.  I suspect it has something to do with the fact that there's no Windows Media Player installed.  There doesn't seem to be a Windows Media Player for 2003 Server, which probably isn't unreasonable.  The Rhapsody client install fails while trying to set up some DRM stuff, which is what makes me suspect WMP.

Despite that, the new web-based Rhapsody client works just fine in Firefox, so I'll have to limp along with that once again.


# Wednesday, January 24, 2007

I'll post some code later on, but I wanted to make some quick points about integrating ADAM and AzMan.  I'm in the midst of building an authentication/authorization system using the two technologies together, and have come across some stumbling blocks.  There's not much documentation, particularly around AzMan, and the COM interfaces for AzMan can be a bit cumbersome.

  • Storing users in ADAM and authorizing them using ADAM requires Windows 2003 Server or Vista.  There's no decent way to make this work on Windows XP.  The necessary AzMan interface, IAzClientContext2, doesn't exist on XP.  It's required for using a collection of user and group SIDs from ADAM to do access checks against AzMan.  I'll post some code later...
    • IAzClientContext2 is also available on Vista, so Vista is also a viable dev platform.
  • There are some confusing interactions between the AzMan UI and the programmatic API.  If you create a Role in the AzMan UI, but don't create a RoleAssignment, the programmatic call to IAzApplication2.OpenRole will fail.  If you create the role assignment, but don't actually assign any users or groups to it, OpenRole succeeds.  Conversely, if you call the programmatic IAzApplication2.CreateRole method and assign operations and users to the role in code, the RoleAssignment shows up in the UI, but not the Role itself. 
  • If you assign an ADAM user to be a member of an AzMan group, it won't show up in the AzMan UI, but if you assign them directly to a Role, the ADAM user's SID will show up (as "unknown SID") under the RoleAssignment.  Either way, the call to AccessCheck works correctly.
  • You must pass the complete list of group SIDs from ADAM, by fetching the user's "tokenGroups" property.  Don't use "memberOf" because it doesn't take into account groups which belong to other groups.
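
A small model of that last point, added here as an illustration and not the author's code: it contrasts the one-level group list that "memberOf" gives with the transitive list that "tokenGroups" gives, and shows an access check being wrongly denied when only the direct groups are supplied. The directory entries, SIDs, role names and function names are all constructed for the example; it does not call ADAM or the AzMan COM API.

```python
# Constructed sample directory (not from the post). Each entry's "memberOf"
# lists direct parents only, which is all the real memberOf attribute reports.
DIRECTORY = {
    "CN=alice": {"sid": "S-1-5-21-1-1101", "memberOf": ["CN=Adjusters"]},
    "CN=Adjusters": {"sid": "S-1-5-21-1-2201", "memberOf": ["CN=ClaimsStaff"]},
    "CN=ClaimsStaff": {"sid": "S-1-5-21-1-2202", "memberOf": ["CN=Employees"]},
    # Circular nesting, included to show that the walk below terminates.
    "CN=Employees": {"sid": "S-1-5-21-1-2203", "memberOf": ["CN=ClaimsStaff"]},
}

# Constructed AzMan-style policy: role -> (operations, SIDs assigned to the role).
ROLE_ASSIGNMENTS = {
    "Adjuster": ({"ViewClaim"}, {"S-1-5-21-1-2201"}),     # assigned to Adjusters
    "Approver": ({"ApproveClaim"}, {"S-1-5-21-1-2202"}),  # assigned to ClaimsStaff
}


def direct_group_sids(dn):
    """SIDs of the groups named in memberOf: one level only."""
    return {DIRECTORY[g]["sid"] for g in DIRECTORY[dn]["memberOf"]}


def token_group_sids(dn):
    """Transitive closure of group membership, modelling tokenGroups."""
    seen, stack = set(), list(DIRECTORY[dn]["memberOf"])
    while stack:
        group = stack.pop()
        if group in seen:  # already expanded; guards against nesting cycles
            continue
        seen.add(group)
        stack.extend(DIRECTORY[group]["memberOf"])
    return {DIRECTORY[g]["sid"] for g in seen}


def access_check(dn, operation, group_sids):
    """Allow if the user's own SID or any supplied group SID holds a role
    that includes the requested operation."""
    sids = {DIRECTORY[dn]["sid"]} | group_sids
    return any(operation in ops and bool(sids & members)
               for ops, members in ROLE_ASSIGNMENTS.values())


if __name__ == "__main__":
    user = "CN=alice"
    for label, sids in (("memberOf", direct_group_sids(user)),
                        ("tokenGroups", token_group_sids(user))):
        print(label, sorted(sids), "ApproveClaim ->",
              access_check(user, "ApproveClaim", sids))
```

The failure mode is a silent deny rather than an error: a role granted through a nested group simply never matches when only the direct groups are passed in.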

More detail to come...

# Thursday, January 04, 2007

I've read a bunch of these over the last few weeks, and thought perhaps I could duck, but Scott tagged me today, so I guess I should come clean.  Most of these aren't exactly secret, but you may not have heard me hold forth on them before :-)

  • My degree (a B.A.) is in East Asian Studies.  I spent my 4 years studying up on Buddhism, Japanese Art, and Chinese Communism.  My work study job was retrieving term papers off of floppies that had beer spilled on them, one precious sector at a time.  The first Computer Science class I ever took was at PCC after working at Intel for several years.  C++ I think it was.  Or possibly data structures.  I dropped out of a class on assembler, 'cause it was boring. 
  • I love trashy food.  I was raised on 70's hippy vegetarian food, and to this day I have a deep and abiding love of chicken fried steak, chipped beef on toast, and fried SPAM. 
  • I have a "simian crease" on my right hand.  Most people have two or three lines running horizontally across their palm (heart line, life line, etc).  I only have one that runs all the way across.  Common among chimpanzees and people with Down syndrome, less so among others.
  • On weekends, I tend to dress like a Viking.  My whole family are long-term participants in the Society for Creative Anachronism.  I used to dress up in armor and hit people with (actually mostly be hit with) wooden swords.  I gave that part up since I'm not 18 anymore, and it hurts.
  • My very first job was as an apprentice house painter.  I mostly dug ditches and drove ladders around Seattle for $6/hr.  I started the job by lowering the bottom of the boss' dirt floored basement by about 6 feet.  8 hour days of digging dirt into 5 gallon buckets, and hauling them two at a time up a flight of stairs.  I gained about 10 pounds of pure biceps. 

Not exactly shocking revelations, I admit.  Not compared to Scott's fashion obsession anyway.  I knew he was a snappy dresser, but...

I can't think of too many people I know who haven't already been tagged, so I'm not sure I'll make 5.  I nominate Jason, Stuart Celarier, John Batdorf, Jeff B., and Don Smith.

