RE: AzMan concurrency.

From: Claudio Pacciarini (ClaudioPacciarini_at_discussions.microsoft.com)
Date: 01/20/05 

Date: Thu, 20 Jan 2005 14:39:04 -0800

In the original post, I didn't explained in detail what I need to do, so here
I go:
 
I need to implement an application with load balancing support; this app
will be mission critical and will always need to be available. It will also
need to authenticate and authorize users.

For the authorization part of the app, I was planning to use AzMan.

AzMan seemed to be the perfect solution; the store (when in Active
Directory) is automatically replicated, performance is great, audits, easy
access to the store from any machine in the domain, azman.msc, etc.

But after reading some responses from people that really know windows
programming and security, I'm hesitating (and feeling considerably concerned
too) about azman in mission critical projects.

I wonder if it's possible (and/or recommended) to use AzMan with Active
Directory in mission critical (clustered/load balanced) applications and if
it is, how to do it (or at least some ideas). The main problem is
synchronizing the servers accessing the store in AD.

I really like AzMan and I'd hate to give it up. I’d hate even more to be
forced to implement my own custom AzMan-like logic because there's no
practical/elegant way to do this locking.

So the main questions remain: how could I synchronize server apps accessing
a store located in Active Directory? Is it possible to use AzMan in mission
critical apps? Any recommendations?
 
If it’s not possible or convenient to use AzMan in clustered/nlb
environments, any advice on how could to design a distributed, mission
critical system requiring authorization similar to what AzMan provides?

Many thanks,

Claudio Pacciarini

Relevant Pages

  • AzMan + ADAM + ASP .NET 2.0 problems
    ... I have a web app written in ASP .NET 2.0 which uses AzMan as authorisation ... On the test server, though, I have installed ADAM and created an AzMan ... store there. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AzMan concurrency.
    ... Web client sends message (with a correleationID) to specific MSMQ ... NT Service listens on that QueueA and updates AzMan store according to ... > For the authorization part of the app, I was planning to use AzMan. ...
    (microsoft.public.dotnet.distributed_apps)
  • AzMan problems -- InvalidCastException
    ... I cannot find a newgroup dedicated to AzMan so if anyone has any ideas on ... Client requests come in over .NET remoting. ... the store and open the application for every request, ... almost always get an interop error the error is "InvalidCastException ...
    (microsoft.public.platformsdk.security)
  • AzMan threading problems
    ... I cannot find a newgroup dedicated to AzMan so if anyone has any ideas on ... Client requests come in over .NET remoting. ... the store and open the application for every request, ... almost always get an interop error the error is "InvalidCastException ...
    (microsoft.public.dotnet.security)
  • Re: Using local AzMan XML store from Win32 Service
    ... but what does IIRC stand for? ... However, to host the AzMan store in AD, you must have ... Windows Server 20003 --- at least that's what I remember. ... >> XML store from a process running as a Win32 service. ...
    (microsoft.public.dotnet.security)