如何利用azMan (Authorization Manager) 实现 rolebased的安全验证机制

在WCF中如何配置基于asp.net role的授权机制，看了些时日，总算有点眉目了 。

以下是一个典型的通过自定义的role-based (principalPermissionMode=UseAspNetRoles)来进行授权的WCF  service config file.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>

        <behaviors>
            <serviceBehaviors>
                <behavior name='ServiceBehavior'>
                    <serviceAuthorization  principalPermissionMode='UseAspNetRoles' roleProviderName='AuthorizationStoreRoleProvider' />
                    <serviceMetadata httpGetEnabled ='true'/>
                </behavior>
            </serviceBehaviors>
            
        </behaviors>

        <services>
            <service name="Service.ResourceAccessServiceType"
                     behaviorConfiguration='ServiceBehavior'>
                <host>
                    <baseAddresses>
                        <add baseAddress='net.tcp://localhost:9000/Woodgrove'/>
                        <add baseAddress='http://localhost:8000/Woodgrove'/>
                    </baseAddresses>
                </host>
                <endpoint address="ResourceAccess"
                          binding="netTcpBinding"
                          contract="Service.IResourceAccessContract" />
                <endpoint address="mex"
                          binding="mexHttpBinding" 
                          contract="IMetadataExchange" />
            </service>


        </services>

        
    </system.serviceModel>
    
    

    <!-- Role Provider Configuration -->
    <system.web>
        <roleManager defaultProvider="AuthorizationStoreRoleProvider" 
                     enabled="true"
                     cacheRolesInCookie="true"
                     cookieName=".ASPROLES"
                     cookieTimeout="30"
                     cookiePath="/"
                     cookieRequireSSL="false"
                     cookieSlidingExpiration="true"
                     cookieProtection="All"  >
            <providers>
                <clear />
        <add
           name="AuthorizationStoreRoleProvider"
           type="System.Web.Security.AuthorizationStoreRoleProvider"
           connectionStringName="AuthorizationServices"
           applicationName="RoleProvider" />
        
            </providers>
        </roleManager>
    </system.web>

    <!-- Connection Strings -->
    <connectionStrings>
        <add 
            name="AuthorizationServices" 
connectionString="msxml://D:\documentation\AuthorizationStore.xml" />
    </connectionStrings>
    
</configuration>

而通过azMan生成的授权配置 xml文件（该文件路径：D:\documentation\AuthorizationStore.xml）如下

<?xml version="1.0" encoding="utf-8"?>
<AzAdminManager MajorVersion="1" MinorVersion="0">
    <AzApplication Guid="ce0032aa-9b1a-4243-b065-ee654d1ec90d" Name="RoleProvider" Description="" ApplicationVersion=""><AzOperation Guid="497d2e02-18d4-49d2-b8ef-88bc58828509" Name="SomeOperation" Description=""/><AzTask Guid="c1ca5e81-099b-4ba0-ab94-d3c9ed583b72" Name="Manager" Description="" BizRuleImportedPath="" RoleDefinition="True"/><AzTask Guid="a9dfdf2b-fe2a-4573-93e0-28a2e2afe234" Name="StaffMember" Description="" BizRuleImportedPath="" RoleDefinition="True"/><AzRole Guid="2381420b-45e9-4c27-9fd5-299e241aa4df" Name="Manager"><TaskLink>c1ca5e81-099b-4ba0-ab94-d3c9ed583b72</TaskLink><Member>S-1-5-21-2146773085-903363285-719344707-661121</Member></AzRole><AzRole Guid="36e60ed8-fc70-4b12-9353-95a96e13e431" Name="StaffMember"><TaskLink>a9dfdf2b-fe2a-4573-93e0-28a2e2afe234</TaskLink><Member>S-1-1-0</Member></AzRole></AzApplication></AzAdminManager>

那么，什么是azMan,如何配置？这里推荐一片极好的文章，讲解了如何利用azMan对于中间层的.net 应用程序实现role-based的身份安全验证机制。

链接地址如下:http://msdn.microsoft.com/zh-cn/magazine/cc300469(en-us).aspx