Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > User.IsInRole in fails unless authorization section limits access

Thread Tools

User.IsInRole in fails unless authorization section limits access
Posts: n/a
I have a web page that any authenticated user can access, but I
dynamically enable/disable other controls on the web page
based on the Role that they are in via C# code behind. My web
config is as follows...

<deny users="?" />

<authentication mode="Windows" />

I am hosted on Windows 2003 Server, IIS 6, Enable Anonymous access is
turned off, and Integrated Windows Authentication is turned on.

When the user accesses the web page, I get the proper User name via
Context.User, System.Threading.Thread.CurrentPrincipal,
HttpContext.Current.User, etc. They all contain the user's proper
domain name and user name (e.g. MyDomain\bjones). But, if I call
User.IsInRole on a role that this user belongs to, it returns
false. When the user accesses this page, they are not prompted for
their username and password, so single signon working here.

Now, I have a subdirectory directory that is restricted using roles,
so its directory has its own web.config

<allow roles="Test" />
<deny users="*" />

Here if the user accesses this page then they are prompted to enter in
their username and password. First question, why are they prompted
for this when we already know who they are and they are in the "Test"

After the user enters in their credentials and accesses the page ok,
they return back to the first page. At this point, the User.IsInRole
now starts working. It appears that the logon prompt of the user
caused the IsInRole to now start returning TRUE. Why does it now

Nothing really different about the virtual directories. If I change
the 1st directory to have the same authorization as the 2nd directory,
then they are prompted for username and password and IsInRole works.
Have also tried...

<allow users="*">
<deny users="?">

Thanks for any help,


Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
User.IsInRole in fails unless authorization section limits access ASP .Net Security 0 08-10-2007 07:27 PM
Problem with web.config inheritance and <authorization> section Max2006 ASP .Net 10 07-19-2007 02:44 PM
URL Authorization does not override File Authorization? SeanRW ASP .Net Security 1 05-25-2006 06:18 AM
Enterprise Library Jan 2006 - custom exception formatter fails unless running debugger David Herbst ASP .Net 1 01-29-2006 04:02 PM
Unless unless Gábor SEBESTYÉN Ruby 3 06-17-2005 08:54 AM