Windows Authentication

[denhoffk]

I'm using windows authentication for my web app. It works fine on my local development machine but when I access my pages on the web server it doesn't appear to be working. The web server is on the domain running IIS 6.xxx, the same as my development machine. The web.config file is as follows:

</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>

the code on the page load event is:
if (!Roles.IsUserInRole(User.Identity.Name, @"InfiMed\IS"))
{
this.cmdAddNew.Visible = false;
this.gvEmployees.Columns[9].Visible = false;
}

The setting for the IIS appear to be the same, is there something in the security policies that I'm missing?

 

[adamroof]

What doesnt seem to work? Do you get errors, or prompted for credentials?

Is your IIS directory set to IWA? Uncheck anonymous?

User.Identity.Name would return the ASP.net account unless you use the impersonate=true in your web.config as well

you can use

System.Security.Principal.WindowsIdentity whoAmI = System.Security.Principal.WindowsIdentity.GetCurrent; 
string strUser = whoAmI.Name; 

void Page_Init() 
{ 
if (!Roles.IsUserInRole(strUser, @"InfiMed\IS"))
{
    this.cmdAddNew.Visible = false;
    this.gvEmployees.Columns[9].Visible = false;
}

}

 

[denhoffk]

I'm sorry, what doesn't work is
Roles.IsUserInRole(User.Identity.Name, @"InfiMed\IS") comes back false and then the buttons don't become visible. This occurs without error. On my machine it works fine. the InfiMed\IS is part of the Active directory under the Groups node. What I want to do is only enable the controls to the "IS" group in the organization.

 

[adamroof]

can u try using the WindowsIdentity instead of the user.identity

WindowsIdentity wUser = WindowsIdentity.GetCurrent; 
WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent()); 
string strUser = wUser.name; 

// load--
if (wp.IsInRole(@"InfiMed\IS")) { 
 this.cmdAddNew.Visible = false; 
 this.gvEmployees.Columns(9).Visible = false; 
} else { 
 this.cmdAddNew.Visible = true; 
 this.gvEmployees.Columns(9).Visible = true; 
}

 

[denhoffk]

Thanks for the reply. I tried using the windows principal without success. It pretty much did what the Roles provider did, nothing. This works as I said on my machine (as did your code). Is there some setting I'm not catching on the server?

 

[adamroof]

Did you confirm if Anonymous is unchecked and IWA is checked on the directory properties on the web server?

Does the web.config have the authentication mode=windows in it?

are u sure 2.0 is on the server?

easy debug...
create a label somewhere extra and add in

    protected void Page_Load(object sender, EventArgs e)
    {
        string[] members = Roles.GetRolesForUser();
        Label1.Text += "Usr: " + User.Identity.Name + "<br>";
        foreach (string role in members)
        {            
            Label1.Text += role + "<br>";
        }
        
    }

 

[denhoffk]

The unchecking of the Allow Anonymous worked and I already had IWA checked. The server is 2003 and I am using 2.0. I just don't understand why on my development machine it worked with Allow Anonymous checked unless it's because my machine is Win 2000 with IIS 5.0.

Thanks for the help.