Last I mentioned, I was learning about the benefits of Active Directory Application Mode. The code is 95%+ complete, and the solution is working exactly as I wanted. ADAM has fit in wonderfully and is providing a very good foundation for an authorization and authentication system.
There really haven’t been many problems, other than a very small universe of documentation. The .NET 2.0 class library has some great additions for dealing with security descriptors (System.Security.AccessControl) and directory services (System.DirectoryServices) in general. Without these namespaces, it would have been a bear to deal with.
When tasked with building this stuff, I first looked at incorporating Microsoft’s Authorization Manager (AzMan), which can also sit atop Active Directory. It provided a lot of what our solution needed but lacked one critical piece – the ability to have a security hierarchy. It only allows you to define a flat list (technically a hierarchy of two levels) of operations to secure, when we needed a tree. So, building our own on ADAM has been working out great!
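As an added illustration (not code from this post or the project it describes), here is how a tree of operations can be secured with the two namespaces mentioned above: each operation is an object in the ADAM directory, an inheritable ACE granted on a branch flows down to every operation beneath it, and a check on a leaf reads the ACEs ADAM has already materialised on it. The LDAP paths and port, the CN=Operations layout, and the use of ReadProperty as the "may perform this operation" right are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class OperationAuthz
{
    // Design assumption: holding ReadProperty on an operation object means
    // "may perform this operation". Any right could be used; this one is cheap.
    const ActiveDirectoryRights PerformRight = ActiveDirectoryRights.ReadProperty;

    // Grant a principal the operation at this node and every descendant
    // by writing one inheritable Allow ACE onto the node's security descriptor.
    public static void GrantSubtree(DirectoryEntry operationNode, SecurityIdentifier principal)
    {
        ActiveDirectorySecurity sd = operationNode.ObjectSecurity;
        sd.AddAccessRule(new ActiveDirectoryAccessRule(
            principal, PerformRight, AccessControlType.Allow, ActiveDirectorySecurityInheritance.All));
        operationNode.CommitChanges();
    }

    // Decide whether any of the caller's SIDs may perform the operation.
    // ADAM copies inherited ACEs onto the child's ntSecurityDescriptor, so the
    // tree walk is done by the directory; we only read explicit + inherited rules.
    public static bool MayPerform(DirectoryEntry operationNode, IdentityReferenceCollection callerSids)
    {
        bool allowed = false;
        foreach (ActiveDirectoryAccessRule rule in
                 operationNode.ObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (!callerSids.Contains(rule.IdentityReference)) continue;
            if ((rule.ActiveDirectoryRights & PerformRight) == 0) continue;
            // Conservative simplification: any matching Deny wins, regardless of ACE order.
            if (rule.AccessControlType == AccessControlType.Deny) return false;
            allowed = true;
        }
        return allowed;
    }

    static void Main()
    {
        // Hypothetical ADAM instance on port 50000 with an operations tree
        // CN=Refund,CN=Billing,CN=Operations under an application partition.
        const string root = "LDAP://localhost:50000/";
        using (DirectoryEntry billing = new DirectoryEntry(root + "CN=Billing,CN=Operations,O=MyApp,C=US"))
        using (DirectoryEntry refund  = new DirectoryEntry(root + "CN=Refund,CN=Billing,CN=Operations,O=MyApp,C=US"))
        {
            WindowsIdentity me = WindowsIdentity.GetCurrent();
            IdentityReferenceCollection sids = new IdentityReferenceCollection();
            sids.Add(me.User);
            foreach (IdentityReference g in me.Groups) sids.Add(g);

            GrantSubtree(billing, me.User);                       // grant the whole Billing branch
            Console.WriteLine(MayPerform(refund, sids));          // true: Refund inherits from Billing
        }
    }
}
```

The caller's SID collection must reflect whatever principals ADAM is configured to authenticate (Windows principals here; ADAM-local users and groups have their own SIDs and would be resolved from the directory instead).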