Active Directory using Enterprise Library

Oct 30, 2007 at 7:33 AM
Can anyone guide me about how to create a connection to Active Directory using Application Blocks?
Is there any sample to check how the configuration is done and how authentication is achieved?

I would appreciate any help.
Regards,
Lara
Oct 30, 2007 at 12:25 PM
Hi Lara,

EntLib doesn't have an Authentication app block since the release of the January 2006 version, favoring instead the security features provided by the .NET framework since v2.0. Most of these features are implemented under the System.Web namespace, but are still usable outside of the web-app realm. You can get additional information from http://channel9.msdn.com/wiki/default.aspx/Channel9.HowToUseMembership and http://msdn2.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx, and take a look at EntLib's Security Quick start for an example of integrating ASP.NET Membership with the Security Block (although it doesn't use the AD implementation of membership).

If you're looking for authorization, then you can use EntLib's AzMan authorization provider and store your rules in AD. To author the authorization rules, you would use the AzMan console. You can get more information about authoring AzMan rules from http://technet2.microsoft.com/windowsserver/en/library/72b55950-86cc-4c7f-8fbf-3063276cd0b61033.mspx?mfr=true and http://msdn2.microsoft.com/en-us/library/aa480244.aspx.

Hope this helps,
Fernando
Nov 1, 2007 at 3:17 PM
Dear Fernando,

I would like to thank you for replying to my post, but the idea is not clear yet.
I created a solution using the Smart Client Software Factory and added a business module called Login module. This module includes the Login View (username, password and domain).
I did the authentication to Active Directory the normal way it is done, but now I am asked to do it again, this time using an application block in the Enterprise Library, if available.
My question is:
Does the security application block include access to active directory and if yes, is there any example I can check to ease my configuration and implementation?

Regards,
Lara
Nov 1, 2007 at 3:52 PM
Lara,

Enterprise Library does not have a block for authentication/login, ActiveDirectory or not. It used to have such a feature on an earlier version but it was removed in the Jan 2006 version as the .NET framework provides overlapping features since v2.

So, you will either have to keep your current implementation or use the .NET framework features that superseded EntLib's; links for the latter are included in my previous post.

Fernando
Nov 1, 2007 at 8:46 PM
Fernando,

How does one use AzMan and Entlib? I have created an azman store and am referencing it in my config file.

<add name="LocalPolicyStore" connectionString="msxml://C:/azman.xml" />
...
<roleManager enabled="true" defaultProvider="AzManProvider">
  <providers>
    <clear />
    <add name="AzManProvider" type="System.Web.Security.AuthorizationStoreRoleProvider" connectionStringName="LocalPolicyStore" applicationName="MyAzmanSample"/>
  </providers>
</roleManager>

With the following code:

IAuthorizationProvider azManProvider = AuthorizationFactory.GetAuthorizationProvider("AzManProvider");
// authorize the user to perform the Query task
azManProvider.Authorize(User, "Query");

I still get the following error: "No operations are defined for the given task."

Is there something I am missing? Also, instead of the XML file, can my Azman configuration be stored within ADAM?
Nov 2, 2007 at 2:00 PM
Hi,

EntLib's AzMan based authorization implementation does not rely on the AuthorizationStoreRoleProvider; it is an implementation of the IAuthorizationProvider interface that has its own configuration. This is what the configuration looks like (created using the config tool):

<configuration>
  <configSections>
    <section name="securityConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Security.Configuration.SecuritySettings, Microsoft.Practices.EnterpriseLibrary.Security, Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </configSections>
  <securityConfiguration defaultAuthorizationInstance="" defaultSecurityCacheInstance="">
    <authorizationProviders>
      <add storeLocation="msxml://c:/myAuthStore.xml" application="My Application"
           scope="" auditIdentifierPrefix="AzMan Authorization Provider"
           type="Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider, Microsoft.Practices.EnterpriseLibrary.Security.AzMan, Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           name="AzMan Provider" />
    </authorizationProviders>
  </securityConfiguration>
</configuration>

The storeLocation can be an ADAM store; just use the same URI you're using with the azman console.

Hope this helps,
Fernando
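
An added example, not part of the original posts and not EntLib's own code: a fail-closed authorization check against the provider configured above, looked up by its configured name "AzMan Provider". The class name, the "Query" task and the "Query" operation are hypothetical. It assumes the provider evaluates Windows identities and treats a context prefixed with "O:" as a single operation rather than a task.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Security;

public static class AzManChecks
{
    // Must equal the name attribute of the <add> element under
    // <authorizationProviders>, here "AzMan Provider" (with the space).
    private const string ProviderName = "AzMan Provider";

    // Assumption: the provider treats the context as an AzMan task name,
    // or as a single operation when it is prefixed with "O:".
    public static bool IsAllowed(string taskOrOperation)
    {
        if (string.IsNullOrEmpty(taskOrOperation))
            return false;

        try
        {
            // Assumption: the AzMan provider evaluates Windows accounts, so the
            // check runs against the Windows identity of the current process.
            IPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            IAuthorizationProvider provider =
                AuthorizationFactory.GetAuthorizationProvider(ProviderName);
            return provider.Authorize(principal, taskOrOperation);
        }
        catch (Exception ex)
        {
            // Fail closed: a missing store, an unknown task or a task with no
            // operations denies access instead of letting the caller continue.
            Trace.TraceError("Authorization check for '{0}' failed: {1}",
                taskOrOperation, ex.Message);
            return false;
        }
    }

    public static void Main()
    {
        // "Query" as a task and as an operation are hypothetical store entries.
        Console.WriteLine("Query task:      {0}", IsAllowed("Query"));
        Console.WriteLine("Query operation: {0}", IsAllowed("O:Query"));
    }
}
```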