WindowsTokenRoleProvider IsInRole

I have an intranet app where I am allowing access to certain pages based on the department the user belongs.  Works fine in debug mode, but when I deploy to my local IIS, my code does not work properly.  

I am using

            var User = System.Web.HttpContext.Current.User;
            var wi = new WindowsTokenRoleProvider();
                if (wi.IsUserInRole(User.Identity.Name, "Domain\\RSExecutive").ToString().ToLower() == "true")
                    Session.Add("manager", "Yes");
                    Session.Add("manager", "No");

Open in new window

Works fine debugging.  I get a value of True as expected. Once I publish, I get False, which is incorrect.. Windows Authentication mode, impersonation set to true, and Role provider is AspNetWindowsTokenRoleProvider

This is a 2010 environment and in 4.0

Thanks in advance.
Who is Participating?
guramritConnect With a Mentor Commented:
I've reproduced this error on my side too.
Now, you'll need to made some changes to applicationhost.config, which you can find at %systemroot%\System32\inetsrv\config\applicationHost.config.

1. look this file for
    <add name="WindowsAuthenticationModule" lockItem="true" />
               and change it to
     <add name="WindowsAuthenticationModule" lockItem="false" />

2. <section name="anonymousAuthentication" overrideModeDefault="Deny" />
     <section name="anonymousAuthentication" overrideModeDefault="Allow" />

3. <section name="windowsAuthentication" overrideModeDefault="Deny" />
    <section name="windowsAuthentication" overrideModeDefault="Allow" />

rmartin15Author Commented:
Sorry, another clue I should've mentioned.

Debugging,  my domain\username is displayed per the design.  Published,   No username is displayed.  So something in the published environment prevents my windows account info from being read.

Try to check the value of User.IsAuthenticated. See if it's false.
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

rmartin15Author Commented:

I did that and the user is not Authenticated
Make sure WindowsAuthentication is not disabled. and see for reference.

Now make that page restricted to logged in users through web.config, then upon visiting that page you'll see a login form. Enter details and check your result.
or Try using following code in web.config
        <anonymousAuthentication enabled="false"/>
        <windowsAuthentication enabled="true" />

I've disabled anonymousAuthentication to make login form show.
rmartin15Author Commented:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Here is the error I receive when going to my website

This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

I'll look into resolving this issue.
Amandeep Singh BhullarCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.