I created a web application using Microsoft AzMan and it works great until you have multiple users. I am almost 100% sure that AzMan caches the same material for multiple users.
To simplify, the problem I see is this: user A goes to the site and has full access, is given the correct access, and can work fine. Then user B goes to the site and has only view access, but since AzMan has already seen the user with full access, it also provides full access to user B.
I use the AddStringSids method when creating the client context, because this is the only method that will work for each situation. Is there a problem with this? We didn’t have this problem before when we created client contexts from a token.
The following is the exact code that I use to create the context. app is the IAzApplication2 variable, and ClientContext.SID is the SecurityIdentifier for this user.

    IAzClientContext2 cctx = app.InitializeClientContext2("AppNameHere", null);
    cctx.AddStringSids(new object[] { (object)ClientContext.SID.ToString() } as object);

EDIT: I don't use the ASP.NET role provider at all, as this requires the application to be role aware. I use only the COM API.
EDIT 2: Also, if user B logs on first, then user A does not have access to log on. Thus, it does not just maintain a high level of access.