User.IsInRole, Roles.IsUserInRole not showing me as member of group

Hi, I am trying to build a website for our domain and trusted domain at the start I got our Network guys to put the users into an AD group which was universal security group and put it into authorization in Web.config and this worked perfectly in Development and everybody could hit it until I put it into production (the production web server is in a DMZ) then the website would open for nobody except me. So I changed the code so it did not challenge you when entering site <all users="*"> but when you tried to do anything it challenged you there with
 if (Roles.IsUserInRole(User.Identity.Name, @"Domain\Secure Group")

Open in new window

but it does not recognise me as in the group (This is back in the development server) but if I check AD it shows I am a member. I tried changing the group to other groups to double check it is working and if I put in any other group it comes back true.
I am totally at a loss and not sure what direction to go now. Any help would be greatly appreciated
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It sounds like your DMZ is not allowing traffic back to the DC's in the domain. (This is generally not surprising.. most firewall & systems admin don't like to allow that at all).  You'll need to configure that backend authentication path from your server back to a DC through the firewall.  

If you can get that enabled, then your site should work.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Niall292Author Commented:
That seems to make sense for when it was in production and I will ask our network guys to try it on Monday but also do you have any idea why IsInRole is not working in development and only on that one group
My guess (purely a guess) would be that somehow it recognized that your account had the permissions before it was put in the DMZ, unless you have local admin rights?

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

A little of topic but using ADFS instead on open your firewall to your internal DC's would be more secure
Niall292Author Commented:
Just an update, eventually some of the network guys asked me was I still having problems and to try it now and suddenly it was working.
According to them they did nothing and I know I didn't do anything so I am not sure how it got fixed but it did.
Niall292Author Commented:
I can't say for definite if these answers were right but they make the most sense to me.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.