How to create Authorizations using DB users programatically

Nov 4, 2009 at 4:24 PM

Hello Andrea,

I am trying to create authorizations for items programatically using CreateAuthorization() for my DB users.However for my DB user I don't have Sid's so I can not use CreateAuthorization() method.

 I am using following steps for mapping my DB users to roles.

1. Created Storage(NetSqlAzman) programaticatlly

2. Read all available roles from our custom database table (UserRoles)and then add them to Storage programatically

3. Read all users associated with each role(got from step 2) from our custom database tables and then trying to add these users as authorizers using CreateAuthorization but I can't use it as my DB users table does not have any sids associated to users.

What we trying to achieve is : Instead of  adding each role under Role Definitions and then authorize with thousands of users from NetsqlAzman.msc ,we are trying to create storage programatically and add users to roles (Trying to automate the process)

I am wondering what would be the best way to achieve this ?








Nov 4, 2009 at 8:35 PM

Hello Andrea,

I have used below code to create CPT Store ,however it is throwing an error when user selects Role under Roles Authorizations with error message "Destination array is not long enough to copy all the required data. Check array length and offset".

public partial class Form1 : Form
        CustomRoleProvider provider = new CustomRoleProvider();
        public Form1()

        private void button1_Click(object sender, EventArgs e)
            //CustomRoleProvider provider = new CustomRoleProvider();
            string [] roles =  provider.GetAllRoles();
           // string [] userNames = provider.FindUsersInRole("4", "");

        private void CreateFullStorage()
            // USER MUST BE A MEMBER OF SQL DATABASE ROLE: NetSqlAzMan_Administrators

            //Sql Storage connection string
            string sqlConnectionString = "server=mrdddevlsql;database=NetSqlAzManStorage;""=devl;pwd=""";
            //Create an instance of SqlAzManStorage class
            IAzManStorage storage = new SqlAzManStorage(sqlConnectionString);
            //Open Storage Connection
            //Begin a new Transaction
            //Create a new Store
            IAzManStore newStore = storage.CreateStore("CPT Store", "Store description");
            //Create a new Basic StoreGroup
            IAzManStoreGroup newStoreGroup = newStore.CreateStoreGroup(SqlAzManSID.NewSqlAzManSid(), "CPT Store Group", "ho", String.Empty, GroupType.Basic);
            //Retrieve current user SID
            IAzManSid mySid = new SqlAzManSID(WindowsIdentity.GetCurrent().User);
            //Add myself as sid of "My Store Group"
            IAzManStoreGroupMember storeGroupMember = newStoreGroup.CreateStoreGroupMember(mySid, WhereDefined.Local, true);
            //Create a new Application
            IAzManApplication newApp = newStore.CreateApplication("CPT Application", "Cost Projection Tool");
            //foreach (string role in provider.RoleIDCollection.Values)
              IDictionaryEnumerator myEnumerator =  provider.RoleIDCollection.GetEnumerator();

                //Create a new Role
                IAzManItem newRole = newApp.CreateItem(myEnumerator.Value.ToString(), "Role description", ItemType.Role);
                //Create a new Task
               // IAzManItem newTask = newApp.CreateItem("New Task", "Task description", ItemType.Task);
                //Create a new Operation
                //IAzManItem newOp = newApp.CreateItem("New Operation", "Operation description", ItemType.Operation);
                //Add "New Operation" as a sid of "New Task"
                //Add "New Task" as a sid of "New Role"
                //Create an authorization for myself on "New Role"
                IAzManAuthorization auth = newRole.CreateAuthorization(mySid, WhereDefined.Local, mySid, WhereDefined.Local, AuthorizationType.AllowWithDelegation, null, null);
                //Create a custom attribute
                IAzManAttribute<IAzManAuthorization> attr = auth.CreateAttribute("New Key", "New Value");
                string[] providerFindUsersInRole = provider.FindUsersInRole(myEnumerator.Key.ToString(), "");
                if (providerFindUsersInRole != null)
                    foreach (string userName in providerFindUsersInRole)
                        //Create an authorization for DB User "Andrea" on "New Role"
                        IAzManAuthorization auth2 = newRole.CreateAuthorization(mySid, WhereDefined.Local, storage.GetDBUser(userName).CustomSid, WhereDefined.Local, AuthorizationType.AllowWithDelegation, null, null);
                //Commit transaction
            //Close connection

I mailed you screen shot at your hotmail.

Thanks for your help in advance.




Nov 5, 2009 at 4:53 PM

hi Andrea,

I have fixed above issue after modified  WhereDefined.Local to WhereDefined.Database  in CreateAuthorization() method

//Create an authorization for DB User "Andrea" on "New Role"

  IAzManAuthorization auth2 = newRole.CreateAuthorization(mySid, WhereDefined.Local, storage.GetDBUser("Andrea").CustomSid, WhereDefined.Database, AuthorizationType.AllowWithDelegation, null, null);