• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 373
  • Last Modified:

WindowsTokenRoleProvider IsInRole

I have an intranet app where I am allowing access to certain pages based on the department the user belongs.  Works fine in debug mode, but when I deploy to my local IIS, my code does not work properly.  

I am using

            var User = System.Web.HttpContext.Current.User;
            var wi = new WindowsTokenRoleProvider();
                if (wi.IsUserInRole(User.Identity.Name, "Domain\\RSExecutive").ToString().ToLower() == "true")
                    Session.Add("manager", "Yes");
                    Session.Add("manager", "No");

Open in new window

Works fine debugging.  I get a value of True as expected. Once I publish, I get False, which is incorrect.. Windows Authentication mode, impersonation set to true, and Role provider is AspNetWindowsTokenRoleProvider

This is a 2010 environment and in 4.0

Thanks in advance.
  • 4
  • 3
1 Solution
rmartin15Author Commented:
Sorry, another clue I should've mentioned.

Debugging,  my domain\username is displayed per the design.  Published,   No username is displayed.  So something in the published environment prevents my windows account info from being read.

Try to check the value of User.IsAuthenticated. See if it's false.
rmartin15Author Commented:

I did that and the user is not Authenticated
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Make sure WindowsAuthentication is not disabled. and see http://stackoverflow.com/questions/6251918/windows-authentication-problem-in-iis-7-5 for reference.

Now make that page restricted to logged in users through web.config, then upon visiting that page you'll see a login form. Enter details and check your result.
or Try using following code in web.config
        <anonymousAuthentication enabled="false"/>
        <windowsAuthentication enabled="true" />

I've disabled anonymousAuthentication to make login form show.
rmartin15Author Commented:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Here is the error I receive when going to my website

This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

I'll look into resolving this issue.
I've reproduced this error on my side too.
Now, you'll need to made some changes to applicationhost.config, which you can find at %systemroot%\System32\inetsrv\config\applicationHost.config.

1. look this file for
    <add name="WindowsAuthenticationModule" lockItem="true" />
               and change it to
     <add name="WindowsAuthenticationModule" lockItem="false" />

2. <section name="anonymousAuthentication" overrideModeDefault="Deny" />
     <section name="anonymousAuthentication" overrideModeDefault="Allow" />

3. <section name="windowsAuthentication" overrideModeDefault="Deny" />
    <section name="windowsAuthentication" overrideModeDefault="Allow" />

Amandeep Singh BhullarCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now