Types of auditing

Jun 22, 2009 at 6:36 AM

 Dear Andrea ,

With microsoft  Authorization Manager, you can use two kinds of auditing: runtime auditing(when you call CheckAccess)   and authorization store change auditing.

is your Authorization supoprt the runtime auditing(when you call checkaccess ) if not supprted can you guide me how to support it in your authorization system

Best Regards

 

Coordinator
Jun 22, 2009 at 7:16 AM
Hi,
by now NetSqlAzMan supports store change auditing only.
If you want to audit runtime auditing (check access) you can write your own CheckAccess wrapper method and raise events.
What are you using to run CheckAccess ? Storage ? StorageCache ? UserPermissionCache ?
Regards,
Andrea.

Jun 22, 2009 at 7:20 AM

Hi Andrea ,

 I am using Storage  to run CheckAccess

how i will raise events ?

Regards,

Ahmed

Coordinator
Jun 22, 2009 at 7:44 AM

Hi,

here a sample Console App:

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Security.Principal;

using NetSqlAzMan;

using NetSqlAzMan.Interfaces;

namespace ConsoleApplication1

{

    class Program

    {

        public delegate void CheckAccessHandler(string storeName, string applicationName, string itemName, AuthorizationType result);

        static IAzManStorage storage = new SqlAzManStorage("data source=.;initial catalog=NetSqlAzManStorage;Integrated Security=SSPI");

        public static event CheckAccessHandler CheckAccessInvoked;

        static void Main(string[] args)

        {

            CheckAccessInvoked += new CheckAccessHandler(Program_CheckAccessInvoked);

            bool result = CheckAccessWrapper("My Store", "My Application", "My Operation/My Task/My Role");

            Console.WriteLine("Result = " + result.ToString());

            Console.ReadLine();

        }

        static bool CheckAccessWrapper(string storeName, string applicationName, string itemName)

        {

            AuthorizationType auth = storage.CheckAccess(storeName, applicationName, itemName, WindowsIdentity.GetCurrent(), DateTime.Now, false);

            if (CheckAccessInvoked != null)

                CheckAccessInvoked(storeName, applicationName, itemName, auth);

            return auth == AuthorizationType.Allow || auth == AuthorizationType.AllowWithDelegation;

        }

        static void Program_CheckAccessInvoked(string storeName, string applicationName, string itemName, AuthorizationType result)

        {

            Console.WriteLine("Check Access Invoked");

        }

    }

}

__________________________________
Andrea Ferendeles
NetSqlAzMan - Project Coordinator

http://netsqlazman.codeplex.com

Jun 22, 2009 at 8:01 AM

thx andrea for your great help

About the auditing of the Authorization changes you support , you  save it in the DB or Event log

if saved in DB , how i will get this logs from your API, or i  will create my access block to get this logs ?

regards,

Ahmed

Coordinator
Jun 22, 2009 at 8:05 AM
yes ... but a query could be enough. :-)
Regards,
Andrea.