Reputation: 17804
ASP.NET Membership - Which RoleProvider to use so User.IsInRole() checks ActiveDirectory Groups?
Very simple question actually:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.
I currently have this in my Web.Config:
UPDATE
I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")
However I still like to know if the <membership> entry is needed at all?
What should I change? (and is the <membership> entry needed at all?)
<authentication mode="Windows">
<forms
name=".ADAuthCookie"
timeout="10" />
</authentication>
<membership defaultProvider="ADMembershipProvider">
<providers>
<clear/>
<add
name="ADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXX\specialAdUser"
connectionPassword="xx"
/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="WindowsProvider">
<providers>
<clear />
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
Upvotes: 9
Views: 8198
Answers (5)
Reputation: 56550
If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.
In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.
So no, you don't need the provider configuration at all.
Upvotes: 4
Reputation: 755321
Out of the box, there's no role provider to use Active Directory directly. You can use the role table in the ASP.NET membership- and role-system, or you can use Authorization Manager (AzMan).
There's an article on CodeProject which shows the implementation of a role provider which works against the Active Directory - with full source code. Maybe this helps?
Marc
Upvotes: 0
Reputation: 17501
Pretty sure the only thing you need in there is the roleManager group (along with the base authentication mode='windows' setting)
Upvotes: 0
Reputation: 11792
The membership provider here isn't going to help. The ActiveDirectoryMembershipProvider seems to best(only?) fit with Forms authentication.
Upvotes: 1
Related Questions
- ASP.NET active directory authentication User.IsInRole
- What is the difference between theses two methods in roleprovider?
- Is RoleProvider needed to use [Authorize(Roles = "Admin")]?
- ASP.NET Membership and Roles
- User.IsInRole vs Roles.IsUserInRole in AuthenticateRequest
- Web App Active Directory User Roles vs User.IsInRole
- ASP .NET authentication against Active Directory and Roles via ASP.NET role provider
- asp.net membership/roles provider question
- ASP.NET Role Provider vs Membership Provider
- Difference between Roles.GetRolesForUser and Roles.Provider.GetRolesForUser?