AzMan Authorization Handler

Topics: Security Application Block
Apr 19, 2007 at 1:34 PM
I'm a bit confused why the AzMan AH was designed to Authorize based on "Thread.CurrentPrincipal" instead of WindowsIdentity.GetCurrent(). This forces me to set the Thread principal myself with:

WindowsIdentity wi = WindowsIdentity.GetCurrent();
WindowsPrincipal wp = new WindowsPrincipal(wi);
Thread.CurrentPrincipal = wp;

Just looking for the design decision there.

Thanks,
-Justin
Apr 19, 2007 at 6:46 PM
There are a couple of reasons:
  1. Sometimes you may want to authorize based on a different identity to the current Windows identity. You can't change the current identity, but you are free to set the thread principal to whatever you want.
  2. A principal consists of an identity and a set of roles. Roles are a very common mechanism to use for determining if someone is authorized to do something.

Hope this helps
Tom
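
The two points in the reply above, as an added example that is not part of the original thread or of the Enterprise Library code. `IsAuthorized`, the user name "alice" and the role "Approvers" are hypothetical; the check only mimics a handler that reads `Thread.CurrentPrincipal`.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

static class ThreadPrincipalDemo
{
    // Hypothetical stand-in for an authorization handler: it evaluates
    // Thread.CurrentPrincipal, never the Windows token of the process.
    static bool IsAuthorized(string requiredRole)
    {
        IPrincipal p = Thread.CurrentPrincipal;
        return p != null
            && p.Identity != null
            && p.Identity.IsAuthenticated
            && p.IsInRole(requiredRole);
    }

    static void Main()
    {
        // OS-level identity the code runs as (Windows only).
        string before = WindowsIdentity.GetCurrent().Name;
        Console.WriteLine("Windows identity: " + before);

        IPrincipal previous = Thread.CurrentPrincipal;
        try
        {
            // Constructed caller, e.g. a user the application authenticated
            // itself, carrying application-defined roles.
            var caller = new GenericIdentity("alice", "Custom");
            Thread.CurrentPrincipal =
                new GenericPrincipal(caller, new[] { "Approvers" });

            Console.WriteLine("Approvers allowed: " + IsAuthorized("Approvers"));
            Console.WriteLine("Admins allowed:    " + IsAuthorized("Admins"));

            // Setting the thread principal does not touch the Windows identity.
            Console.WriteLine("Windows identity unchanged: "
                + (WindowsIdentity.GetCurrent().Name == before));
        }
        finally
        {
            // Restore the prior principal so a reused (pooled) thread does not
            // keep authorizing later work as "alice".
            Thread.CurrentPrincipal = previous;
        }
    }
}
```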
Apr 19, 2007 at 7:03 PM
It does help, thanks Tom.