How to use CAZE with Windows integrated authentication
If you'd like to use integrated Windows authentication for authorization checks, you'll have to do two things:
First, use an instance of the System.Security.Principal.WindowsPrincipal class as the Policy's current principal, for example:
[Visual Basic]
Dim policy As New AuthorizationPolicy
...
policy.CurrentPrincipal = _
    New WindowsPrincipal(WindowsIdentity.GetCurrent())
[C#]
AuthorizationPolicy policy = new AuthorizationPolicy();
...
policy.CurrentPrincipal =
    new WindowsPrincipal(WindowsIdentity.GetCurrent());
Second, populate the authorization policy with WindowsRole instances that map the role IDs to Windows group names, for example:
[Visual Basic]
policy.Roles.Add( _
    New WindowsRole("Admin", "BUILTIN\Administrators"))
[C#]
policy.Roles.Add(
    new WindowsRole("Admin", @"BUILTIN\Administrators"));
Now, every time the policy has to resolve role membership, members of the local Administrators Windows group will be made members of the Admin CAZE role.
Please see the document approval tutorial for more details.
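A way to check the group names before putting them into WindowsRole mappings, given as an added example that is not part of CAZE or of the original page: it uses only .NET's System.Security.Principal classes and does not call CAZE. The "Reader" mapping and the class name are constructed for illustration, and how CAZE itself resolves membership is not shown on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class RoleMappingCheck
{
    // Constructed sample: role ID -> Windows group name, the same kind of
    // pairs that are passed to WindowsRole. "Reader" is hypothetical.
    static readonly Dictionary<string, string> Mappings =
        new Dictionary<string, string>
        {
            { "Admin", @"BUILTIN\Administrators" },
            { "Reader", @"BUILTIN\Users" },
        };

    static void Main()
    {
        // Same identity source as the snippets above: the token of the
        // current process, or of the thread if it is impersonating.
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        Console.WriteLine("Identity: " + identity.Name);

        foreach (KeyValuePair<string, string> m in Mappings)
        {
            SecurityIdentifier sid;
            try
            {
                // A misspelled or non-existent group name cannot be
                // translated; report it instead of silently mapping
                // the role to nobody.
                sid = (SecurityIdentifier)new NTAccount(m.Value)
                    .Translate(typeof(SecurityIdentifier));
            }
            catch (IdentityNotMappedException)
            {
                Console.WriteLine("{0}: group '{1}' does not resolve",
                    m.Key, m.Value);
                continue;
            }

            // Membership is tested by SID, so the result does not depend
            // on how the group name is spelled or localized.
            bool member = principal.IsInRole(sid);
            Console.WriteLine("{0}: {1} ({2}) member={3}",
                m.Key, m.Value, sid.Value, member);
        }
    }
}
```

Run it from both an elevated and a non-elevated prompt: with UAC enabled, a non-elevated process of an administrator account carries a filtered token, so the BUILTIN\Administrators check returns False there.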