[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

WindowsTokenRoleProvider IsInRole

Posted on 2011-09-17
9
Medium Priority
?
369 Views
Last Modified: 2012-05-12
I have an intranet app where I am allowing access to certain pages based on the department the user belongs.  Works fine in debug mode, but when I deploy to my local IIS, my code does not work properly.  

I am using

            var User = System.Web.HttpContext.Current.User;
            var wi = new WindowsTokenRoleProvider();
                if (wi.IsUserInRole(User.Identity.Name, "Domain\\RSExecutive").ToString().ToLower() == "true")
                {
                    Session.Add("manager", "Yes");
                }
     else
                {
                    Session.Add("manager", "No");
                }

Open in new window


Works fine debugging.  I get a value of True as expected. Once I publish, I get False, which is incorrect.. Windows Authentication mode, impersonation set to true, and Role provider is AspNetWindowsTokenRoleProvider

This is a 2010 environment and in 4.0

Thanks in advance.
0
Comment
Question by:rmartin15
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 

Author Comment

by:rmartin15
ID: 36556229
Sorry, another clue I should've mentioned.

Debugging,  my domain\username is displayed per the design.  Published,   No username is displayed.  So something in the published environment prevents my windows account info from being read.

Thanks
0
 
LVL 4

Expert Comment

by:guramrit
ID: 36556618
Try to check the value of User.IsAuthenticated. See if it's false.
0
 

Author Comment

by:rmartin15
ID: 36556671
Thanks.

I did that and the user is not Authenticated
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 4

Expert Comment

by:guramrit
ID: 36556748
Make sure WindowsAuthentication is not disabled. and see http://stackoverflow.com/questions/6251918/windows-authentication-problem-in-iis-7-5 for reference.

Now make that page restricted to logged in users through web.config, then upon visiting that page you'll see a login form. Enter details and check your result.
0
 
LVL 4

Expert Comment

by:guramrit
ID: 36556766
or Try using following code in web.config
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false"/>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>

I've disabled anonymousAuthentication to make login form show.
0
 

Author Comment

by:rmartin15
ID: 36557677
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Here is the error I receive when going to my website

This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

I'll look into resolving this issue.
0
 
LVL 4

Accepted Solution

by:
guramrit earned 2000 total points
ID: 36558179
I've reproduced this error on my side too.
Now, you'll need to made some changes to applicationhost.config, which you can find at %systemroot%\System32\inetsrv\config\applicationHost.config.

1. look this file for
    <add name="WindowsAuthenticationModule" lockItem="true" />
               and change it to
     <add name="WindowsAuthenticationModule" lockItem="false" />

2. <section name="anonymousAuthentication" overrideModeDefault="Deny" />
            to
     <section name="anonymousAuthentication" overrideModeDefault="Allow" />

3. <section name="windowsAuthentication" overrideModeDefault="Deny" />
             to
    <section name="windowsAuthentication" overrideModeDefault="Allow" />

0
 
LVL 19

Expert Comment

by:Amandeep Singh Bhullar
ID: 37913931
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question