azman

What is the best way to achieve application authorization and entitlement in .Net. Earlier AzMan use to be the standard way. With the advent of provider model, at least roles are taken care of but I am not sure about the authorization & entitlement. I am looking at the ability to define and access operation level permissions for roles / users. What is the most suitable way to achieve the above? According to this blog post the ClaimsAuthorizationManager API is 'next generation of AzMan'. It's just an API however, and doesn't come with a default implementation or an admin GUI, so it's not yet

We're beginning to design a whole bunch of new services to create (WCF, ADO.NET Data Services, possibly in the cloud at some point) and one question that pops up is what authentication and authorization scheme to use - there are quite a few! We basically need to be able to identify users (actual people, and "virtual" application/service users) on a wide variety of protocols - HTTP, HTTPS, TCP - and we need to assign them at least a bunch of roles / permission to see certain data and/or do certain operations. We definitely can't use Windows group membership alone - we have plenty of external