User.IsInRole, Roles.IsUserInRole not showing me as member of group

Posted on 2014-08-22
Last Modified: 2014-09-25
Hi, I am trying to build a website for our domain and trusted domain at the start I got our Network guys to put the users into an AD group which was universal security group and put it into authorization in Web.config and this worked perfectly in Development and everybody could hit it until I put it into production (the production web server is in a DMZ) then the website would open for nobody except me. So I changed the code so it did not challenge you when entering site <all users="*"> but when you tried to do anything it challenged you there with
 if (Roles.IsUserInRole(User.Identity.Name, @"Domain\Secure Group")

Open in new window

but it does not recognise me as in the group (This is back in the development server) but if I check AD it shows I am a member. I tried changing the group to other groups to double check it is working and if I put in any other group it comes back true.
I am totally at a loss and not sure what direction to go now. Any help would be greatly appreciated
Question by:Niall292
    LVL 23

    Accepted Solution

    It sounds like your DMZ is not allowing traffic back to the DC's in the domain. (This is generally not surprising.. most firewall & systems admin don't like to allow that at all).  You'll need to configure that backend authentication path from your server back to a DC through the firewall.  

    If you can get that enabled, then your site should work.


    Author Comment

    That seems to make sense for when it was in production and I will ask our network guys to try it on Monday but also do you have any idea why IsInRole is not working in development and only on that one group
    LVL 23

    Expert Comment

    My guess (purely a guess) would be that somehow it recognized that your account had the permissions before it was put in the DMZ, unless you have local admin rights?

    LVL 19

    Assisted Solution

    A little of topic but using ADFS instead on open your firewall to your internal DC's would be more secure

    Author Comment

    Just an update, eventually some of the network guys asked me was I still having problems and to try it now and suddenly it was working.
    According to them they did nothing and I know I didn't do anything so I am not sure how it got fixed but it did.

    Author Closing Comment

    I can't say for definite if these answers were right but they make the most sense to me.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
    A publishing tool, a Version Control System, or a Collaboration Platform! These can be some of the defining words for the two very famous web-hosting Git repositories: Bitbucket and Github. Git is widely used amongst the programmers and developers f…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t… provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now