Home/ Questions/Q 3627366
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T23:52:45+00:00

I need to generate custom SIDs for users in my web application for use

  • 0

I need to generate custom SIDs for users in my web application for use with Microsoft AzMan. What is the best way to do this? What do I need to know before doing this?

This is what I’m thinking, but I’m not sure if I’m missing something:

S-1-9-1234-{user_id + 1000}

S-{first revision}-{resource manager authority}-{domain (unique number for the specific app)}-{unique id for user}

UPDATE: Changed to resource manager authority because of David Crawford’s blog entry: http://blogs.msdn.com/dc995/archive/2006/08/23/715021.aspx

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As I found from the MSDN’s Developing Applications Using Windows Authorization Manager article:

    When creating custom SIDs you must establish a SID design for your application. For example, you might have S-1-9-AppInstanceGUID-UserGuid, where 9 is the resource manager sub-authority and AppInstanceGUID and UserGUID are each broken into four sub-authorities. You can also use S-1-9-AppInstanceGuid-UserRID, where UserRID is a unique number for the user in the scope of the application instance. If you want to use custom groups you can create a SID for each group using either of these techniques. For sample code that generates a GUID, see the Microsoft Windows Software Development Kit (SDK).

    So it looks like the AzMan allows you generate SID in the way it fits most to your needs.
    And the only thing you need is to make sure that SIDs generated for semantically different users are unique. (Even if generated on different machines.)

    • 0