Showing posts with label AzMan. Show all posts

January 8, 2010

AzMan API Library II

To continue my post on the AzMan library, I want to show the basic classes and their makeup. Since I briefly discussed the application class yesterday, I figure it is worth showing:
//AzLibApplication
IAzApplication _app;

public AzLibApplication(object app)
{
_app = (IAzApplication)app;
}

public IAzApplication Native
{
get { return _app; }
}

public string Name
{
get { return _app.Name; }
}

public string Description
{
get { return _app.Description; }
}

public List<AzLibOperation> Operations
{
get { return AzLibAzManHelper.GetOps((IAzOperations)_app.Operations); }
}

public List<AzLibRole> Roles
{
get {
return AzLibAzManHelper.GetRoles(
this,
(IAzRoles)_app.Roles,
(IAzTasks)_app.Tasks
);
}
}

public List<AzLibTask> Tasks
{
get { return AzLibAzManHelper.GetTasks((IAzTasks)_app.Tasks); }
}

public List<AzLibScope> Scopes
{
get { return AzLibAzManHelper.GetScopes(this, (IAzScopes)_app.Scopes); }
}

public List<AzLibApplicationGroup> ApplicationGroups
{
get { return AzLibAzManHelper.GetApplicationGroups((IAzApplicationGroups)_app.ApplicationGroups); }
}

I mentioned yesterday the simple objects...some examples below:

public class AzLibOperation
{
IAzOperation _op;

public AzLibOperation(object op)
{
_op = (IAzOperation)op;
}

public string Name
{
get { return _op.Name; }
}

public string Description
{
get { return _op.Description; }
}

public int OperationID
{
get { return _op.OperationID; }
}
}
Store:
 IAzAuthorizationStore _store;

public AzLibStore(IAzAuthorizationStore store)
{
_store = store;
}

public List<AzLibApplication> Applications
{
get { return AzLibAzManHelper.GetApplications((IAzApplications)_store.Applications); }
}

The API library, as I mentioned, is broken out into two assemblies, and the first one is what I have been explaining yesterday and today. This weekend I'll explain the second part and post the code for the two assemblies. Next week, I'll get onto secondary applications built off this API, such as the AzMan reporter.

January 7, 2010

AzMan API Library

Over the years my work with AzMan has forced me to create many applications and libraries. Having re-worked my original lib, I feel that I need to first show the lib code before we can even get to the secondary external applications that I built around it. The library contains a ton of classes and I will go through some of them this week and upload them as well. I'll start by going through the main AzManHelper class:


public static List<AzLibRole> GetRoles(ITasksSource tasksSource, IAzRoles roles, IAzTasks tasks)
{
List<AzLibRole> result = new List<AzLibRole>();
NamedTasks namedTasks = new NamedTasks(tasks);
List<string> usedTasks = new List<string>();

for (int it = 0; it < roles.Count; it++)
{
IAzRole role = (IAzRole)roles[it + 1];
IAzTask task = namedTasks.FindMatchingTask(role);

if (task != null)
{
result.Add(new AzLibRole(tasksSource, role, task));

// Keep track of the used task
usedTasks.Add(task.Name);
}
else
{
result.Add(new AzLibRole(tasksSource, role));
}
}

for (int it = 0; it < tasks.Count; it++)
{
IAzTask task = (IAzTask)tasks[it + 1];

if (usedTasks.Contains(task.Name) == false)
{
if (InteropHelper.IsTrue(task.IsRoleDefinition))
result.Add(new AzLibRole(tasksSource, task));
}
}

return result;
}

public static List<AzLibOperation> GetOps(IAzOperations ops)
{
List<AzLibOperation> result = new List<AzLibOperation>();

for (int it = 0; it < ops.Count; it++)
{
result.Add(new AzLibOperation(ops[it + 1]));
}

return result;
}

public static List<AzLibScope> GetScopes(AzLibApplication app, IAzScopes scopes)
{
List<AzLibScope> result = new List<AzLibScope>();

for (int it = 0; it < scopes.Count; it++)
{
result.Add(new AzLibScope(scopes[it + 1], app));
}

return result;
}

public static List<AzLibApplication> GetApplications(IAzApplications apps)
{
List<AzLibApplication> result = new List<AzLibApplication>();

for (int it = 0; it < apps.Count; it++)
{
result.Add(new AzLibApplication(apps[it + 1]));
}

return result;
}

public static List<AzLibApplicationGroup> GetApplicationGroups(IAzApplicationGroups groups)
{
List<AzLibApplicationGroup> result = new List<AzLibApplicationGroup>();

for (int it = 0; it < groups.Count; it++)
{
result.Add(new AzLibApplicationGroup(groups[it + 1]));
}

return result;
}

public static AzLibClientContext GetContext(AzLibApplication app)
{
IAzClientContext context = app.Native.InitializeClientContextFromToken(0, null);
return new AzLibClientContext(context);
}

The above does not show it, but AzLibOperation (and the task, role, etc. classes) are just simple objects that expose getters for the Name, Description, and ID from AzMan. It will be clear once you look at all the code...but let's take it one step at a time.

December 3, 2009

AzMan Reports

Had to generate a whole bunch of reports from AzMan. I'll post some code this weekend that shows what I did in detail. I know I mentioned this reporting project in the past, but it had some major upgrades today....

October 15, 2009

AzMan Bulk Import/Export Tool V2

So I started writing a v2 a while back that was a complete UI using .NET 3.5 and XAML. It was done so that I can finally upgrade the code and play a bit with XAML. I never finished that code and plan to go back to it, but will have to label it v3.0. The v2.0 that I am adding here is a console based application based off my original work and some work done by David E. This code will do a bulk import/export for:
  • Xml store
  • AD store
  • SQL Store
The code was modified a bit and can be used like this:
AzManBulkImport.exe {source policy store} {destination policy store} {copy users}
There are a few minor things to keep in mind with this new version:
  • Migrating App Groups with incorrect LDAP Strings crashes the migration.
  • There is no check to make sure the database in the connection string exists.
  • An XML AzMan store with no users in the policy store administrators group means everyone has access, while a SQL AzMan store with no one in that group means no one has access. Migrating an XML store without any administrators to a SQL store therefore results in an access problem: no one will have access to the policy store after the policy store administrators are deleted from SQL Server. There is an error message to reflect this situation.
  • David has changed the Operations migration to compare old and new operations using the Operation ID, instead of the old comparison on Operation Name.
An example of the usage can be:
AzManBulkImport.exe "mssql://Driver=SQL Server;Server=dbserver01;Trusted_Connection=True;/MyAzmanDatabase/MyPolicyStore" "d:\Azman.xml" "true"
This basically says to copy from the specified SQL Server store to the specified XML store, including all user role assignments. You can also go from an XML store to an AD LDAP connection string, or from an LDAP connection string to SQL Server.

To recap, v2.0 of this code is console based and has a few updates with the major being SQL Server capability. Some of the code is a bit rough, but it works :) I do hope to release v3.0 if I ever get time to work on it again.

You can download the code here.

October 14, 2009

AzMan Updates

I have some new tools that I will be posting later this week. It has been a crazy week for me, so just hang in there.

September 18, 2009

Using the AzMan Helper Classes VI

We have seen how to add a store, create an application, add an operation, add tasks, create roles, add application groups, and add users via SID or UPN to groups in AzMan using C#. All of these are available here.

Here is the sixth and final post regarding the usage of these helper classes:
public string[] GetApplicationGroupMemberNames(string storeUrl, string applicationName, string applicationGroupName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup applicationGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
return ApplicationGroupHelper.GetApplicationGroupMemberNames(applicationGroup);
}


public bool IsApplicationGroupMemberNameExists(string storeUrl, string applicationName, string applicationGroupName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup applicationGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
return ApplicationGroupHelper.IsApplicationGroupMemberNameExists(applicationGroup, memberName);
}

//Get the SIDs
public string[] GetApplicationGroupMembers(string storeUrl, string applicationName, string applicationGroupName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup applicationGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
return ApplicationGroupHelper.GetApplicationGroupMembers(applicationGroup);
}

public bool IsApplicationGroupMemberExists(string storeUrl, string applicationName, string applicationGroupName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup applicationGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
return ApplicationGroupHelper.IsApplicationGroupMemberExists(applicationGroup, memberSID);
}


This concludes what is basically almost everything in AzMan via C#. In the upcoming weeks, I will move to show some more Active Directory code using C#.

September 17, 2009

Using the AzMan Helper Classes V

We have seen how to add a store, create an application, add an operation, add tasks, create roles, add application groups, and add users via SID or UPN to groups in AzMan using C#. All of these are available here.

Here is the fifth post regarding the usage of these helper classes:
 public void AddMemberToApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.AddMember(memberSID, null);
appGroup.Submit(0, null);
}

public void RemoveMemberFromApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.DeleteMember(memberSID, null);
appGroup.Submit(0, null);
}

public void AddMemberNameToApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.AddMemberName(memberName, null);
appGroup.Submit(0, null);
}

public void RemoveMemberNameFromApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.DeleteMemberName(memberName, null);
appGroup.Submit(0, null);
}

//Add Member to denied list
public void AddDeniedMemberToApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.AddNonMember(memberSID, null);
appGroup.Submit(0, null);
}

public void RemoveDeniedMemberFromApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.DeleteNonMember(memberSID, null);
appGroup.Submit(0, null);
}

public void AddDeniedMemberNameToApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
// memberName is an account name, not a SID, so use the *Name variant
appGroup.AddNonMemberName(memberName, null);
appGroup.Submit(0, null);
}

public void RemoveDeniedMemberNameFromApplicationGroup(string storeUrl, string applicationName, string applicationGroupName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzApplicationGroup appGroup = ApplicationGroupHelper.GetApplicationGroup(app, applicationGroupName);
appGroup.DeleteNonMemberName(memberName, null);
appGroup.Submit(0, null);
}

September 16, 2009

Using the AzMan Helper Classes IV

To everyone who has sent me "thanks" emails regarding these AzMan tutorials, you are very welcome. It has always been perplexing to me why there are not many examples of AzMan out there. Anyway, back to the next post on this...

We have seen how to add a store, create an application, add an operation, add tasks, create roles, add application groups, and add users via SID or UPN to groups in AzMan using C#. All of these are available here.

Here is the fourth post regarding the usage of these helper classes:
 public string[] GetRoleDefinitions(string storeUrl, string applicationName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return RoleDefinitionHelper.GetRoleDefinitionNames(app);
}

public void AddRoleDefinition(string storeUrl, string applicationName, string roleDefinitionName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
RoleDefinitionHelper.AddRoleDefinition(app, roleDefinitionName);
}

public void RemoveRoleDefinition(string storeUrl, string applicationName, string roleDefinitionName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
RoleDefinitionHelper.RemoveRoleDefinition(app, roleDefinitionName);
}

public bool IsRoleDefinitionExists(string storeUrl, string applicationName, string roleDefinitionName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return RoleDefinitionHelper.IsRoleDefinitionExists(app, roleDefinitionName);
}

public string[] GetApplicationGroups(string storeUrl, string applicationName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return ApplicationGroupHelper.GetApplicationGroupNames(app);
}

public void AddApplicationGroup(string storeUrl, string applicationName, string applicationGroupName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
ApplicationGroupHelper.AddApplicationGroup(app, applicationGroupName);
}

public void RemoveApplicationGroup(string storeUrl, string applicationName, string applicationGroupName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
ApplicationGroupHelper.RemoveApplicationGroup(app, applicationGroupName);
}

public bool IsApplicationGroupExists(string storeUrl, string applicationName, string applicationGroupName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return ApplicationGroupHelper.IsApplicationGroupExists(app, applicationGroupName);
}
I'll have 1-2 more posts on this and then move onto something else.

September 15, 2009

Using the AzMan Helper Classes III

We have seen how to add a store, create an application, add an operation, add tasks, create roles, add application groups, and add users via SID or UPN to groups in AzMan using C#. All of these are available here.

Here is the third post regarding the usage of these helper classes:
public void AddMemberToRole(string storeUrl, string applicationName, string roleName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
RoleMemberHelper.AddRoleMember(role, memberSID);
}
public void RemoveMemberFromRole(string storeUrl, string applicationName, string roleName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
RoleMemberHelper.RemoveRoleMember(role, memberSID);
}

//add by UPN
public void AddMemberNameToRole(string storeUrl, string applicationName, string roleName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
RoleMemberHelper.AddRoleMemberName(role, memberName);
}

public void RemoveMemberNameFromRole(string storeUrl, string applicationName, string roleName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
RoleMemberHelper.RemoveRoleMemberName(role, memberName);
}

//Get a list of role member names for a specified role
public string[] GetRoleMemberNames(string storeUrl, string applicationName, string roleName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
return RoleMemberHelper.GetRoleMemberNames(role);
}

public bool IsRoleMemberNameExists(string storeUrl, string applicationName, string roleName, string memberName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
return RoleMemberHelper.IsRoleMemberNameExists(role, memberName);
}

//Get a list of role member SIDs for a specified role
public string[] GetRoleMembers(string storeUrl, string applicationName, string roleName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
return RoleMemberHelper.GetRoleMembers(role);
}

public bool IsRoleMemberExists(string storeUrl, string applicationName, string roleName, string memberSID)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
IAzRole role = RoleHelper.GetRole(app, roleName);
return RoleMemberHelper.IsRoleMemberExists(role, memberSID);
}

September 14, 2009

Using the AzMan Helper Classes II

We have seen how to add a store, create an application, add an operation, add tasks, create roles, add application groups, and add users via SID or UPN to groups in AzMan using C#. All of these are available here.

Here is the second post regarding the usage of these helper classes:
//Get list of operation names of the application
public string[] GetOperations(string storeUrl, string applicationName)
{
ArrayList operationNames = new ArrayList();

IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
foreach (IAzOperation operation in app.Operations)
{
operationNames.Add(operation.Name);
}

return (string[])operationNames.ToArray(typeof(string));
}

public void AddOperation(string storeUrl, string applicationName, string operationName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
OperationHelper.AddOperation(app, operationName);
}

public void RemoveOperation(string storeUrl, string applicationName, string operationName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
OperationHelper.RemoveOperation(app, operationName);
}

public bool IsOperationExists(string storeUrl, string applicationName, string operationName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return OperationHelper.IsOperationExists(app, operationName);
}

public string[] GetRoles(string storeUrl, string applicationName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return RoleHelper.GetRoleNames(app);
}

public void AddRole(string storeUrl, string applicationName, string roleName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
RoleHelper.AddRole(app, roleName);
}

public void RemoveRole(string storeUrl, string applicationName, string roleName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
RoleHelper.RemoveRole(app, roleName);
}

public bool IsRoleExists(string storeUrl, string applicationName, string roleName)
{
IAzApplication app = ApplicationHelper.GetApplication(storeUrl, applicationName);
return RoleHelper.IsRoleExists(app, roleName);
}

September 11, 2009

Using the AzMan Helper Classes

We have seen how to add a store, create an application, add an operation, add tasks, create roles, add application groups, and add users via SID or UPN to groups in AzMan using C#. All of these are available here. The question is, how do I use those classes? I will show some practical uses below:
public void AddStore(string storeUrl)
{
StoreHelper.CreateStore(storeUrl);
}

public void RemoveStore(string storeUrl)
{
StoreHelper.RemoveStore(storeUrl);
}

public bool IsStoreExists(string storeUrl)
{
return StoreHelper.IsStoreExists(storeUrl);
}

//Get list of application names
public string[] GetApplications(string storeUrl)
{
IAzAuthorizationStore store = StoreHelper.GetStore(storeUrl);
return ApplicationHelper.GetApplicationNames(store);
}

public void AddApplication(string storeUrl, string applicationName)
{
IAzAuthorizationStore store = StoreHelper.GetStore(storeUrl);
ApplicationHelper.AddApplication(store, applicationName);
}

public void RemoveApplication(string storeUrl, string applicationName)
{
IAzAuthorizationStore store = StoreHelper.GetStore(storeUrl);
ApplicationHelper.RemoveApplication(store, applicationName);
}

public bool IsApplicationExists(string storeUrl, string applicationName)
{
IAzAuthorizationStore store = StoreHelper.GetStore(storeUrl);
return ApplicationHelper.IsApplicationExists(store, applicationName);
}

Here are some very, very, very basic uses of the helper classes. I'll add a few more simple uses over the next day or so.

September 10, 2009

AzMan Add/Remove Members to Role by SID or UPN with C#

We have already seen how to add a store, create an application, add an operation, add tasks, create roles, and add application groups in AzMan using C#. Now, let's go on to adding users by name or SID to those roles using C#. I have uploaded a helper class here which has some comments not included in the short snippets below as well as some other methods (check if exists etc.). This class was designed to work with XML and AD (sorry, not SQL Server yet).

One of the cool things is that you can add a member to a role by a SID. This, though, has to be done via code. Below you can find how to do a bunch of this via SIDs; the helper class shows how you can do the same thing with UPN as well:
 public static void AddRoleMember(IAzRole role, string memberSID)
{
if (memberSID == null || memberSID.Length == 0)
{
throw new ArgumentNullException("memberSID", "Member SID can not be null or empty.");
}
if (role == null)
{
throw new ArgumentNullException("role", "Role can not be null.");
}

role.AddMember(memberSID, null);
role.Submit(0, null);
}
Now let's remove that member by SID from the role
 public static void RemoveRoleMember(IAzRole role, string memberSID)
{
if (memberSID == null || memberSID.Length == 0)
{
throw new ArgumentNullException("memberSID", "Member SID can not be null or empty.");
}
if (role == null)
{
throw new ArgumentNullException("role", "Role can not be null.");
}

role.DeleteMember(memberSID, null);
role.Submit(0, null);
}
How about returning true if role member SID exists?
 public static bool IsRoleMemberExists(IAzRole role, string memberSID)
{
if (memberSID == null || memberSID.Length == 0)
{
throw new ArgumentNullException("memberSID", "Member SID can not be null or empty.");
}

if (role == null)
{
throw new ArgumentNullException("role", "Role can not be null.");
}

// Compare against the role's member SIDs, not its member names
foreach (string sid in GetRoleMembers(role))
{
if (String.Compare(memberSID, sid, StringComparison.OrdinalIgnoreCase) == 0)
{
return true;
}
}

return false;
}
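
The helpers above only reject a null or empty memberSID before calling AddMember. Since this code sat behind a web service, here is an added example (not part of the original helper classes) that validates the SID syntax, refuses a few very broad well-known SIDs, and checks membership by SID value. MemberSidGuard, the refusal policy and all sample SIDs are assumptions made for illustration; it relies only on System.Security.Principal on Windows.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added example; MemberSidGuard and its members are hypothetical names,
// not part of the helper classes from the post.
public static class MemberSidGuard
{
    // Assumed policy for this example: these well-known SIDs are too broad
    // to be granted a role through a remote call.
    private static readonly WellKnownSidType[] BroadSids =
    {
        WellKnownSidType.WorldSid,             // S-1-1-0  (Everyone)
        WellKnownSidType.AnonymousSid,         // S-1-5-7  (Anonymous Logon)
        WellKnownSidType.AuthenticatedUserSid  // S-1-5-11 (Authenticated Users)
    };

    // Turns caller-supplied text into a SecurityIdentifier or throws.
    // sid.Value is the canonical "S-1-..." string to hand to AddMember.
    public static SecurityIdentifier Parse(string memberSID)
    {
        if (string.IsNullOrEmpty(memberSID))
        {
            throw new ArgumentNullException("memberSID", "Member SID can not be null or empty.");
        }

        SecurityIdentifier sid;
        try
        {
            sid = new SecurityIdentifier(memberSID.Trim());
        }
        catch (ArgumentException ex)
        {
            // A UPN or any other non-SID text ends up here.
            throw new ArgumentException("Member SID is not a valid SID string.", "memberSID", ex);
        }

        foreach (WellKnownSidType broad in BroadSids)
        {
            if (sid.IsWellKnown(broad))
            {
                throw new ArgumentException("Refusing broad well-known SID " + sid.Value + ".", "memberSID");
            }
        }
        return sid;
    }

    // Compares SIDs by value instead of by culture-sensitive string comparison.
    public static bool Contains(IEnumerable<string> memberSids, SecurityIdentifier wanted)
    {
        foreach (string text in memberSids)
        {
            SecurityIdentifier current;
            try { current = new SecurityIdentifier(text); }
            catch (ArgumentException) { continue; } // ignore entries that are not SIDs
            if (current.Equals(wanted)) return true;
        }
        return false;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data standing in for the SID list of a role.
        string[] roleMembers =
        {
            "S-1-5-21-1111111111-2222222222-3333333333-1104",
            "S-1-5-32-544"
        };
        // Constructed inputs: padded SID, unknown SID, Everyone, a UPN.
        string[] requests =
        {
            " S-1-5-32-544 ",
            "S-1-5-21-1111111111-2222222222-3333333333-1188",
            "S-1-1-0",
            "alice@example.test"
        };

        foreach (string request in requests)
        {
            try
            {
                SecurityIdentifier sid = MemberSidGuard.Parse(request);
                bool present = MemberSidGuard.Contains(roleMembers, sid);
                Console.WriteLine("{0} -> {1}", sid.Value,
                    present ? "already a member" : "ok to pass to AddRoleMember");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("'{0}' rejected: {1}", request, ex.Message);
            }
        }
    }
}
```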

September 9, 2009

AzMan Create/Remove/Get SIDs or UPN ApplicationGroup with C#

We have already seen how to add a store, create an application, add an operation, add tasks, and create roles in AzMan using C#. Now, let's go on to creating an application group within AzMan as well as getting the group member names and the group members by their SIDs or UPN using C#. I have uploaded a helper class here which has some comments not included in the short snippets below as well as some other methods (check if exists etc.). This class was designed to work with XML and AD (sorry, not SQL Server yet).
 public static IAzApplicationGroup AddApplicationGroup(IAzApplication app, string applicationGroupName)
{
if (applicationGroupName == null || applicationGroupName.Length == 0)
{
throw new ArgumentNullException("applicationGroupName", "ApplicationGroup name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

IAzApplicationGroup applicationGroup = app.CreateApplicationGroup(applicationGroupName, null);

applicationGroup.Submit(0, null);

return applicationGroup;
}
Now let's remove that group:
 public static void RemoveApplicationGroup(IAzApplication app, string applicationGroupName)
{
if (applicationGroupName == null || applicationGroupName.Length == 0)
{
throw new ArgumentNullException("applicationGroupName", "ApplicationGroup name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

app.DeleteApplicationGroup(applicationGroupName , null);

app.Submit(0, null);
}
We need to get by the SID as well:
public static string[] GetApplicationGroupMembers(IAzApplicationGroup applicationGroup)
{
if (applicationGroup == null)
{
throw new ArgumentNullException("applicationGroup", "Application group can not be null.");
}

Array sourceApplicationGroupMembers = (Array)applicationGroup.Members;
string[] applicationGroupMembers = new string[sourceApplicationGroupMembers.Length];
sourceApplicationGroupMembers.CopyTo(applicationGroupMembers, 0);
return applicationGroupMembers;
}
Check the actual helper class on how to get the user based off UPN as well as a few other methods.

September 8, 2009

AzMan Create/Remove/Get Role with C#

We have already seen how to add a store, create an application, add an operation, and create tasks in AzMan using C#. Now, let's go on to creating a role using C#. I have uploaded a helper class here which has some comments not included in the short snippets below as well as some other methods (check if exists etc.). This class was designed to work with XML and AD (sorry, not SQL Server yet).
public static IAzRole AddRole(IAzApplication app, string roleName)
{
if (roleName == null || roleName.Length == 0)
{
throw new ArgumentNullException("roleName", "Role name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

IAzRole role = app.CreateRole(roleName, null);

role.Submit(0, null);

return role;
}
Now let's remove that role:
public static void RemoveRole(IAzApplication app, string roleName)
{
if (roleName == null || roleName.Length == 0)
{
throw new ArgumentNullException("roleName", "Role name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

app.DeleteRole(roleName , null);

app.Submit(0, null);
}
Get role by name:
 public static IAzRole GetRole(IAzApplication app, string roleName)
{
if (roleName == null || roleName.Length == 0)
{
throw new ArgumentNullException("roleName", "Role name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

return app.OpenRole(roleName, null);
}

September 4, 2009

AzMan Create/Remove/Get Task with C#

We have already seen how to add a store, create an application, and add an operation in AzMan using C#. Now, let's go on to creating a task using C#. I have uploaded a helper class here which has some comments not included in the short snippets below as well as some other methods (check if exists etc.). This class was designed to work with XML and AD (sorry, not SQL Server yet).
public static IAzTask AddRoleDefinition(IAzApplication app, string roleDefinitionName)
{
if (roleDefinitionName == null || roleDefinitionName.Length == 0)
{
throw new ArgumentNullException("roleDefinitionName", "RoleDefinition name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

IAzTask roleDefinition = app.CreateTask(roleDefinitionName, null);
roleDefinition.IsRoleDefinition = 1;
roleDefinition.Submit(0, null);

return roleDefinition;
}
Now let's delete that task:
public static void RemoveRoleDefinition(IAzApplication app, string roleDefinitionName)
{
if (roleDefinitionName == null || roleDefinitionName.Length == 0)
{
throw new ArgumentNullException("roleDefinitionName", "RoleDefinition name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

app.DeleteTask(roleDefinitionName , null);

app.Submit(0, null);
}
Get task by name:
public static IAzTask GetRoleDefinition(IAzApplication app, string roleDefinitionName)
{
if (roleDefinitionName == null || roleDefinitionName.Length == 0)
{
throw new ArgumentNullException("roleDefinitionName", "RoleDefinition name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

return app.OpenTask(roleDefinitionName, null);
}

September 3, 2009

AzMan Create/Remove/Get Operation with C#

Seems this is kind of shaping up into a bit of a series. As a background since someone asked me yesterday, all this code was used within a webservice for AzMan a few years ago. The idea was that the MMC console is really bad, and we wanted a better way to add things. Also, not everyone had access to the server and we wanted to make this web based for those users.

We have already seen how to add a store and create an application in AzMan using C#. Now, let's go on to creating an operation using C#. I have uploaded a helper class here which has some comments not included in the short snippets below as well as some other methods. This class was designed to work with XML and AD (sorry, not SQL Server yet).
public static IAzOperation AddOperation(IAzApplication app, string operationName)
{
if (operationName == null || operationName.Length == 0)
{
throw new ArgumentNullException("operationName", "Operation name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

IAzOperation operation = app.CreateOperation(operationName, null);

operation.Submit(0, null);

return operation;
}
Now let's delete that operation:
 public static void RemoveOperation(IAzApplication app, string operationName)
{
if (operationName == null || operationName.Length == 0)
{
throw new ArgumentNullException("operationName", "Operation name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

app.DeleteOperation(operationName , null);

app.Submit(0, null);
}
Get operation by name:
public static IAzOperation GetOperation(IAzApplication app, string operationName)
{
if (operationName == null || operationName.Length == 0)
{
throw new ArgumentNullException("operationName", "Operation name can not be null or empty.");
}
if (app == null)
{
throw new ArgumentNullException("app", "Application can not be null.");
}

return app.OpenOperation(operationName, null);
}

September 2, 2009

AzMan Create/Remove Application with C#

As I continue to go through my old AzMan projects, I am going to show some more helper classes that I whipped up. I already showed how easy it is to create a store, but what about an application? Well, this is also easily done with the current API. I have uploaded a helper class here which has some comments not included in the short snippets below as well as simple checking for existing store. This class was designed to work with XML and AD (sorry, not SQL Server yet).

Some examples:
    public static IAzApplication AddApplication(IAzAuthorizationStore store, string applicationName)
    {
        if (applicationName == null || applicationName.Length == 0)
        {
            throw new ArgumentNullException("applicationName", "Application name can not be null or empty.");
        }
        if (store == null)
        {
            throw new ArgumentNullException("store", "Store can not be null.");
        }

        IAzApplication app = store.CreateApplication(applicationName, null);

        app.Submit(0, null);

        return app;
    }

Here is how to remove that application:
    public static void RemoveApplication(IAzAuthorizationStore store, string applicationName)
    {
        if (applicationName == null || applicationName.Length == 0)
        {
            throw new ArgumentNullException("applicationName", "Application name can not be null or empty.");
        }
        if (store == null)
        {
            throw new ArgumentNullException("store", "Store can not be null.");
        }

        store.DeleteApplication(applicationName, null);

        store.Submit(0, null);
    }

How about just getting the application:
    public static IAzApplication GetApplication(string storeUrl, string applicationName)
    {
        if (applicationName == null || applicationName.Length == 0)
        {
            throw new ArgumentNullException("applicationName", "Application name can not be null or empty.");
        }
        if (storeUrl == null || storeUrl.Length == 0)
        {
            throw new ArgumentNullException("storeUrl", "Store URL can not be null or empty.");
        }

        // StoreHelper is available at http://www.box.net/shared/ubs0oebs0l
        IAzAuthorizationStore store = StoreHelper.GetStore(storeUrl);
        return store.OpenApplication(applicationName, null);
    }

What about getting application names from the store?
    // Requires: using System.Collections; (for ArrayList)
    public static string[] GetApplicationNames(IAzAuthorizationStore store)
    {
        if (store == null)
        {
            throw new ArgumentNullException("store", "Store can not be null.");
        }

        ArrayList applicationNames = new ArrayList();

        // Collect the name of every application defined in the store.
        foreach (IAzApplication app in store.Applications)
        {
            applicationNames.Add(app.Name);
        }

        return (string[])applicationNames.ToArray(typeof(string));
    }

August 28, 2009

AzMan Create/Remove Store with C#

I was looking through some old projects I did in AzMan as some are relevant to questions I received over the last few weeks. One person wanted to be able to create/remove a store through C#. This is easily done with the current API. I have uploaded a helper class here which has some comments not included in the short snippets below as well as simple checking for existing store. This class was designed to work with XML and AD (sorry, not SQL Server yet).

Some examples:
    public static IAzAuthorizationStore CreateStore(string storeUrl)
    {
        if (storeUrl == null || storeUrl.Length == 0)
        {
            throw new ArgumentNullException("storeUrl", "Store URL can not be null or empty.");
        }

        IAzAuthorizationStore store = new AzAuthorizationStoreClass();
        // Flag 1 is AZ_AZSTORE_FLAG_CREATE: create a new store at storeUrl.
        store.Initialize(1, storeUrl, null);

        store.Submit(0, null);

        return store;
    }

Here is how to remove that store:

    public static void RemoveStore(string storeUrl)
    {
        if (storeUrl == null || storeUrl.Length == 0)
        {
            throw new ArgumentNullException("storeUrl", "Store URL can not be null or empty.");
        }

        IAzAuthorizationStore store = GetStore(storeUrl);

        store.Delete(null);
    }

August 20, 2009

AzMan Bulk Import/Export Tool V2

Some people have been asking me for this. I have been a bit busy lately on other things...but I promise I will get to it soon.

July 9, 2009

AzMan and PowerShell

I figured I would start this as a work in progress. How can I connect to AzMan using PowerShell?
$AppName = "MyAppName"

# Open the store
$AzStore = new-object -COMObject AzRoles.AzAuthorizationStore
$AzStore.Initialize(0, "msxml://E:\BigBadAzMan.xml", $null)

# Access the app
$MyApp = $AzStore.OpenApplication($AppName)
$MyApp.Submit()

# now do stuff
What can you do with the above so far? Well, you can extend it to do anything you like: add roles, add operations, add users to roles, and anything else the AzMan API gives you. Maybe I'll build on this and start to build a PowerShell provider for AzMan (I believe some basic ones already exist).

--Work in Progress