Solved

WindowsTokenRoleProvider IsInRole

Posted on 2011-09-17
9
361 Views
Last Modified: 2012-05-12
I have an intranet app where I am allowing access to certain pages based on the department the user belongs.  Works fine in debug mode, but when I deploy to my local IIS, my code does not work properly.  

I am using

            var User = System.Web.HttpContext.Current.User;
            var wi = new WindowsTokenRoleProvider();
                if (wi.IsUserInRole(User.Identity.Name, "Domain\\RSExecutive").ToString().ToLower() == "true")
                {
                    Session.Add("manager", "Yes");
                }
     else
                {
                    Session.Add("manager", "No");
                }

Open in new window


Works fine debugging.  I get a value of True as expected. Once I publish, I get False, which is incorrect.. Windows Authentication mode, impersonation set to true, and Role provider is AspNetWindowsTokenRoleProvider

This is a 2010 environment and in 4.0

Thanks in advance.
0
Comment
Question by:rmartin15
  • 4
  • 3
9 Comments
 

Author Comment

by:rmartin15
ID: 36556229
Sorry, another clue I should've mentioned.

Debugging,  my domain\username is displayed per the design.  Published,   No username is displayed.  So something in the published environment prevents my windows account info from being read.

Thanks
0
 
LVL 4

Expert Comment

by:guramrit
ID: 36556618
Try to check the value of User.IsAuthenticated. See if it's false.
0
 

Author Comment

by:rmartin15
ID: 36556671
Thanks.

I did that and the user is not Authenticated
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 4

Expert Comment

by:guramrit
ID: 36556748
Make sure WindowsAuthentication is not disabled. and see http://stackoverflow.com/questions/6251918/windows-authentication-problem-in-iis-7-5 for reference.

Now make that page restricted to logged in users through web.config, then upon visiting that page you'll see a login form. Enter details and check your result.
0
 
LVL 4

Expert Comment

by:guramrit
ID: 36556766
or Try using following code in web.config
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false"/>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>

I've disabled anonymousAuthentication to make login form show.
0
 

Author Comment

by:rmartin15
ID: 36557677
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Here is the error I receive when going to my website

This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

I'll look into resolving this issue.
0
 
LVL 4

Accepted Solution

by:
guramrit earned 500 total points
ID: 36558179
I've reproduced this error on my side too.
Now, you'll need to made some changes to applicationhost.config, which you can find at %systemroot%\System32\inetsrv\config\applicationHost.config.

1. look this file for
    <add name="WindowsAuthenticationModule" lockItem="true" />
               and change it to
     <add name="WindowsAuthenticationModule" lockItem="false" />

2. <section name="anonymousAuthentication" overrideModeDefault="Deny" />
            to
     <section name="anonymousAuthentication" overrideModeDefault="Allow" />

3. <section name="windowsAuthentication" overrideModeDefault="Deny" />
             to
    <section name="windowsAuthentication" overrideModeDefault="Allow" />

0
 
LVL 19

Expert Comment

by:Amandeep Singh Bhullar
ID: 37913931
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question