Vic
I'm trying to assign all roles (AD and custom pulled from SQL Table)
to users when they log in to the app using Windows Authentication. The
code works fine for local users but fails for AD users if the IIS
server is a member server of the domain. It does seem to work however
if the IIS server is a domain controller (not an option,
unfortunately).
In the global.asax under the WindowsAuthentication_OnAuthenticate
event I grab all the WindowsPrincipal roles using reflection
(...GetMethod("GetRoles"...), grab all the custom roles from the db,
create a GenericPrincipal and assign them. I then assign the
GenericPrincipal to the HttpContext.Current.User.
On my first default.aspx page, I use reflection again to parse out the
roles of my HttpContext.User (...GetField("m_roles"...) and it returns
successfully all the roles I have assigned in the global.asax. The
HttpContext.Current.User.IsInRole("...") however consistently returns
false when checking for any of the SQL roles added, yet works for the
rest.
It seems that in the cases where it fails (Windows authentication
against AD using AD account on an IIS member server), the IsInRole
seems to query exclusively against the ORIGINAL WindowsPrincipal,
regardless of what I attempt in my code. I have tried creating my own
custom principal class, played with impersonate options, tried using
Thread instead of HttpContext, etc... to no avail.
Anyone able to shed some light on why this is happening? And
hopefully provide me with a solution?
Victor
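
The role-merging step described in the post can also be written without reflection on private members, by wrapping the authenticated principal and delegating to it. This is an added example, not the poster's code; `CompositePrincipal`, the sample account and the role names are assumptions, and a `GenericPrincipal` stands in for the `WindowsPrincipal` so the block runs outside IIS.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical class name: wraps the authenticated principal instead of
// copying its roles out through reflection on private members.
public sealed class CompositePrincipal : IPrincipal
{
    private readonly IPrincipal _inner;          // e.g. the WindowsPrincipal from IIS
    private readonly HashSet<string> _appRoles;  // roles loaded from the SQL table

    public CompositePrincipal(IPrincipal inner, IEnumerable<string> appRoles)
    {
        if (inner == null) throw new ArgumentNullException("inner");
        _inner = inner;
        _appRoles = new HashSet<string>(appRoles ?? new string[0],
                                        StringComparer.OrdinalIgnoreCase);
    }

    public IIdentity Identity { get { return _inner.Identity; } }

    // Application roles are answered locally; every other check is delegated,
    // so AD group membership is still evaluated by the original principal.
    public bool IsInRole(string role)
    {
        if (string.IsNullOrEmpty(role)) return false;
        return _appRoles.Contains(role) || _inner.IsInRole(role);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed stand-in for the Windows principal (sample account and group).
        IPrincipal windowsLike = new GenericPrincipal(
            new GenericIdentity("EXAMPLE\\someuser", "Negotiate"),
            new[] { "EXAMPLE\\Domain Users" });
        // Constructed stand-in for the roles returned by the SQL query.
        IPrincipal user = new CompositePrincipal(windowsLike, new[] { "ReportAdmin" });

        Console.WriteLine(user.IsInRole("ReportAdmin"));           // SQL role
        Console.WriteLine(user.IsInRole("EXAMPLE\\Domain Users")); // delegated role
        Console.WriteLine(user.IsInRole("Payroll"));               // in neither set
    }
}
```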