Ropstah Ropstah - 3 years ago 279
ASP.NET (C#) Question

ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?

Very simple question actually:

I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.

I currently have this in my Web.Config:


I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")

However I still like to know if the <membership> entry is needed at all?

What should I change? (and is the <membership> entry needed at all?)

<authentication mode="Windows">
timeout="10" />

<membership defaultProvider="ADMembershipProvider">
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

<roleManager enabled="true" defaultProvider="WindowsProvider">
<clear />
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />

Answer Source

If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.

In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.

So no, you don't need the provider configuration at all.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download