.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Authorization Manager (AzMan) as role provider with Windows integrated authentication in SharePoint

Posted By:      Posted Date: September 29, 2010    Points: 0   Category :SharePoint

Hi all,

First I will describe my environment: Windows Server 2008 R2 x64, IIS 7, SQL Server 2008 and MOSS 2007 Enterprise Edition SP2 x64.

I am trying to setup SharePoint 2007 portal to use Windows integrated authentication with Authorization Manager (AzMan) as role provider.

I have set up an authorization store and defined a set of roles in there. Further I configured the web.configs of my SharePoint environment to use AzMan as role provider.

In IIS I see the roles appearing, but unfortunately those roles are not available in my SharePoint portal. I also see notification in IIS stating that Forms authentication has to be used

What should I do to configure it correctly? Is it even possible to use AzMan with Windows authentication in SharePoint 2007?

Thanks in advance.

With kind regards,




View Complete Post

More Related Resource Links

need help with sharepoint (wss 3.0) with Windows authentication and Custom Role provider

I'm trying to setup sharepoint(wss 3.0) to use my custom role provider with Windows authentication. I've modified the web.config to enable role manager and I am able to select my custom roles when assigning permissions but it doesn't seem like sharepoint is check the permission again my custom roles. If I enable Forms authentication and use my custom membership provider it all works as expected but I do not want to use FBA because of the issues with Client Integration. Essentially I want all the features that comes with the default windows authentications but just have permission be control from my custom role provider. Can anyone offer any solution or suggestions?

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager


Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003

require guideline for 'Role-based authentication/authorization'



In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.

I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.

If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own? Can anyone please give the proper steps on how to acheive this?

Integration of Windows live Id authentication with Sharepoint 2010?

Dear folks,   please give me some details about Integration of Windows Live Id authentication With SharePoint 2010? Thank you Regards Immanuel c

Using ONLY User Certificates for SharePoint 2010 Authentication/Authorization

  Hello, I am relatively new to SharePoint, and was wondering how I can accomplish using only user certificates to authenticate (and eventually authorize) access to the SharePoint 2010 Server (not just IIS). My Environment currently looks like this:  - SharePoint is SSL-enabled - User Browser Certificates (generated using OpenSSL) successfully authenticate to the IIS Server - SharePoint uses Basic Authentication (user/password based on AD credentials) I need to: - Authenticate the user to SharePoint using the User Certificate from my browser (in other words, no password authentication to access the SharePoint website, but use the certificate that was used by iis to be able to log into SharePoint) I am assuming I must use some sort of claims-based authentication.  Ideally, I would like to use ONLY the certification itself as a source of Authorized Repository for authentication. However, I am also open to having the user certificate be linked to Active Directory users as well.  I have done some research on this but am still lost as to how to approach this problem. Is there anyone that has done this or can assist me in getting this to work? Any help would be greatly appreciated. Thanks!  

Sharepoint 2007 Custom Role Provider

I have been trying to configure Sharepoint 2007 to use a custom role provider (using Forms based authentication) that we have developed.  I have been following the tutorial at http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx, so my configuration files look similar (only database connection string changes).   I have the Membership role provider working (able to add users to my site collection) but am not able to figure out what i have done wrong in setting up the role provider.   To verify that our code works, I setup an empty website project and called the asp.net configuation tool (as described in the above reference article) and am able to view/create/remove/etc... roles as expected, so I think the role provider is working correctly.   What is the recommended way to debug my problem?   Thanks Greg.

SharePoint crawling - Windows authentication failing for STS4?

In a Sharepoint 2010 installation, we are trying to crawl the content of a small, single-node SharePoint installation. The crawling is partially successful. We are able to retrieve data delivered from the web services (_vti_bin/sitedata.asmx), but when the crawler tries to access the full page contents, it fails. The error message shown in the Crawl Log is: The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. The error which is logged in the ULS is: 08/27/2010 01:52:02.92     mssdmn.exe (0x0A7C)                         0x03E4    SharePoint Server Search          HTTP Protocol Handler             du54    High        CHttpAccessorHelper::InitRequestInternal - unexpected status (500) on request for 'http://staging.dsr.dk/_layouts/error.aspx' Authentication 1.  [httpacchelper.cxx:657]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx      08/27/2010 01:52:02.92     mssdmn.exe (0x0A7C)          &n

Integrated Windows Authentication

Hello,          I want to give access to one my web pages to only one User. That user is not entering his RACFID anywhere in dot net application.I want to get that RACFID and I want to validate that RACFID before entering to that web page.Can anyone help meTIA

Best way to implement authentication and authorization for a sharepoint 2010 website.

Hi I come across different authentication methods in Sharepoint 2010. The sharepoint website we are develpoing as of now is Intranet. Later we are planning to move it to Internet(Public) site. What will be the best way to implement authentication and authorization for our website. If windows authentication(Classic mode authentication) is default for a sharepoint website (2010) , I have a few questions ragarding windows authentication. 1) In case of windows authentication, where should we maintain  users? 2) In case of windows authentication, how are the users created? 3) In case of windows authentication, how can I perform authorization.   If we want to use FBA(Form based authentication) in sharepoint 2010, I have a few questions ragarding FBA in sharepoint 2010. 1) In case of FBA(using Claim based authentication) , if we want to use custom database(where we are storing user details and  roles) rather than bulitin SQL membership  provider, how can we achieve this? Can anyone provide some useful resources to implement authentication(Windows or FBA or dual) and authorization for a sharepoint 2010 website with sample code? Please reply ASAP. Thanks & Regards Mahendra Babu

Passing Credentials to IIS "Integrated Windows authentication" Protected Directory

Hello All,I have set up a directory on my IIS web server that is protected by "Integrated Windows authentication".  I want visitors to be required to enter a name and password to view files in the protected directory except if they are following a link to files in the protected directory from a certain page on my website.I am doing this to try to get better protection from search engine spidering than is provided by using a robots.text file. I am using ASP.NET 3.5 with VB.  I am wondering if there is a way to pass the log on credentials to the IIS server via a link, or if there is a way to fill in the name and password for the login screen automatically, or something else that would work.  It is OK if the login name and password are visible to the visitors.Any suggestions on how to do this would be appreciated or if there is a better way to accomplish what I am trying to do, I would like to know.Thanks 

Large amount of handles of type token using role manager and authorisation manager (azman)

First you'll need some background on the application.  ASP.net application using .net framework 3.5. Security to the application is controlled with impersonation, using a role manager connecting to an azman store which uses Active Directory groups for security. As demoed in the following msdn link ... http://msdn.microsoft.com/en-us/library/ff649313.aspxAfter 50 or so users access the application throughout the day, eventually the application stops responding or users start to experience images not displaying etc and the application pool has to be recycled (typical symptoms of the server running out of memory).  Looking at the application memory usage and available memory on the server this does not appear to be the issue, investigations so far have lead me to think this is to do with Security Token Handles.  I've used process explorer to monitor the asp.net application and handles for the application steadily increase with every page that is accessed and eventually hit 38,000 this is when the application dies.  I've read various links saying that applications should use between 2,000-10,000 handles and any number near 40,000 makes the application unusable (this is the exact behaviour we are experiencing).  Using process explorer and handle.exe from the windows sysinternals site I

Disable SharePoint Workspace alert on Windows 7 PC with Norton Firewall Provider.

My wife has a laptop with Windows 7 and Office 2010.  Recently she was playing with some settings on her PC and did something which now causes a "Microsoft SharePoint Workspace" alert to appear when she boots up the machine. She wants this message to go away.  I do not know how to do this, and searching for portions of the alert have lead nowhere.  Here is the exact message. SharePoint Workspace is unable to communicate through your firewall and will run with limited functionality.  To resolve this problem, enable SharePoint workspace as a Windows Firewall exception.  For assistance, contact your Windows administrator. To remedy this, here is what I attempted: Start > Control Panel > View by Small Icons > Windows Firewall This opens a dialog with the caption, "Help protect your computer with Windows Firewall".  Below that, there is an orange box with the notification, "These settings are being managed by vendor application NORTON FIREWALL PROVIDER." Of the half-dozen options that appear in the left navigation panel of that dialog, only 3 are enabled: control panel home, advanced settings, and troubleshoot my network.  The option to "Turn windows firewall on or off" is disabled. We have Norton 360, so I opened that program and chose the "Settings" tab, which displays a Firewall link to

Help with Microsoft Authorisation Manager (Azman) for Windows Server 2008 and XP Dev

Morning all, I am hoping someone can shed some light on a problem i have as i seem to be at a dead end and cannot find a resolution. Even Google!   My scenario is as follows: 1) I have Azman installed on a windows 2008 server with the database hosted on SQL server. 2) I have an application that im developing in a Windows XP environment using a version managed PIA for AzMan (Microsoft.Interop.Security.AzRoles). When the application loads, and the following statement is executed: AzAuthorizationStoreClass store = new AzAuthorizationStoreClass(); store.Initialize(0, this.storeLocation, null); ... i get an exception which is thrown by .Initialise: "The specified network provider name is invalid. (Exception from HRESULT: 0x800704B4)" the storeLocation is set and read from the configuration file as: <add key="storeLocation" value="mssql://Driver={SQL Server};Server={my2008server};/AzManDb/MyTestApplication" /> Any help is very much appreciated.  

windows integrated authentication


I want to use windows integrated authentication but I'm a bit confused about how it works.

How do you refer to the logged in user in code when (for example) creating/editing records.
I currently use a session variable which I set to the users id in my Users table and then refer to it like this:

    <asp:SessionParameter SessionField="userID" Type=Int32

ASP.net role based authorization using froms authentication fails


Hi Dot Net Gurus,

I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:

Web.config (root):

<authentication mode="Forms">
	<forms name="userId" loginUrl="Login.aspx" defaultUrl="Default.aspx" path="/" timeout="240" requireSSL="false" />

Web.config (Member directory):

            <allow roles="Member" />
            <deny users="*" />


    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
        String email = "";

Using Enterprise Library Authentication & Authorization modules in SharePoint 2007



I have ASP.NET application which is using Enterprise Libraries Authentication and Authorization modules to validate user credentials. User credentials are stored in custom database schema. 

I have one SharePoint 2007 application. I would like to use forms based authentication mechanism to authenticate users in SharePoint application which will use the custom database used in ASP.NET application. 

I would like to know how can I use above mentioned ASP.NET applications authentication mechanism in SharePoint 2007 application?

Thanks in Advance.


Windows or SQL Authentication with SharePoint

Does anybody know where there is information on which SQL Authentication method is best to use with SharePoint? I need to know which is best, if I use SQL authentication what are the limitations etc. Any help would be appreciated.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend