469,609 Members | 1,574 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,609 developers. It's quick & easy.

User.IsInRole in fails unless authorization section limits access

I have a web page that any authenticated user can access, but I
dynamically enable/disable other asp.net controls on the web page
based on the Role that they are in via C# code behind. My web
config is as follows...

<deny users="?" />

<authentication mode="Windows" />

I am hosted on Windows 2003 Server, IIS 6, Enable Anonymous access is
turned off, and Integrated Windows Authentication is turned on.

When the user accesses the web page, I get the proper User name via
Context.User, System.Threading.Thread.CurrentPrincipal,
HttpContext.Current.User, etc. They all contain the user's proper
domain name and user name (e.g. MyDomain\bjones). But, if I call
User.IsInRole on a role that this user belongs to, it returns
false. When the user accesses this page, they are not prompted for
their username and password, so single signon working here.

Now, I have a subdirectory directory that is restricted using roles,
so its directory has its own web.config

<allow roles="Test" />
<deny users="*" />

Here if the user accesses this page then they are prompted to enter in
their username and password. First question, why are they prompted
for this when we already know who they are and they are in the "Test"

After the user enters in their credentials and accesses the page ok,
they return back to the first page. At this point, the User.IsInRole
now starts working. It appears that the logon prompt of the user
caused the IsInRole to now start returning TRUE. Why does it now

Nothing really different about the virtual directories. If I change
the 1st directory to have the same authorization as the 2nd directory,
then they are prompted for username and password and IsInRole works.
Have also tried...

<allow users="*">
<deny users="?">

Thanks for any help,


Aug 10 '07 #1
0 1863

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Feldman Alex | last post: by
4 posts views Thread by Mark | last post: by
1 post views Thread by John Dalberg | last post: by
3 posts views Thread by Vadym Stetsyak | last post: by
8 posts views Thread by Oliver Rainer | last post: by
8 posts views Thread by Mark White | last post: by
33 posts views Thread by JamesB | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.