CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Configuring URL Authorization with the Authorization Manager

Windows Server 2003 introduces a new role-based authorization manager. While traditional authorization has revolved around creating Access Control Entries (ACEs) on predefined resources such as files or registry keys, the Authorization Manager is designed to provide access control to tasks that comprise an application.

The Authorization Manager can be managed using an MMC snap-in. To access the Authorization Manager, select Start Run and enter azman.msc. An authorization application programming interface (API) is also exposed that applications (including ASP and ASP.NET web-based applications) can utilize to access the services provided by the Authorization Manager.

By the Book

In the Windows Server 2003 family, Authorization Manager introduces a new role-based authorization mechanism. Rather than base access on static Access Control Entries (ACEs), access can be granted or denied based on the type of work the user is performing.

Authorization Manager allows you to define tasks and roles. Only those users who are in configured roles are allowed to execute the defined tasks. The rules governing role membership can be programmed using a scripting language, offering the ability to dynamically decide what tasks can be executed.

For example, a role called Expense Authorizers may allow users in the role to authorize expenses via a web-based application, but only if the expense amount is less than a specified level (which in turn may be dynamically determined, by being retrieved from a database). Users who are not in the role cannot authorize expenses...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: MSDS Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.