Hi,

I would appreciate advice on what is incorrect in the following sample code. The result I get is always that the panel is not visible, even though the authenticated user is a member of 'Domain\ADGroup'.

If I can at least confirm the code 'should' work, that would be a help.

Page.aspx.vb

If HttpContext.Current.User.IsInRole("Domain\ADGroup") Then
    Panel1.Visible = True
    Label1.Text = "Hello"
Else
    Panel1.Visible = False
    Label1.Text = "Not working"
End If

Web.config

  <connectionStrings>
      <add name="ADService" connectionString="LDAP://Domain.internal"/>
      <add name="ApplicationServices" connectionString="Data Source=Server;Initial Catalog=ASPNETDB;Persist Security Info="blah blah" providerName="System.Data.SqlClient"/>
  </connectionStrings>

<authentication mode="Windows"/>
      <identity impersonate="true"/>
      <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
          <providers>
              <clear/>
              <add name="AspNetActiveDirectoryMembershipProvider" enableSearchMethods="true" type="System.Web.Security.ActiveDirectoryMembershipProvider,  System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName"/>
          </providers>
      </membership>
      <profile>
          <providers>
              <clear/>
              <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
          </providers>
      </profile>
      <roleManager enabled="true">
          <providers>
              <clear/>
              <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
              <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"/>
              <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
          </providers>
      </roleManager>

Many thanks in advance..

Hi,
I take it this is on an Intranet site. If not, you should look at using other methods of authentication for security reasons.

Anyway, now that is out of the way, are you sure the user is accessing the site as their own account and not the IGuest user of the web server?

Check the Authentication method of the Site on the server. It depends on which version of IIS you are using where it is, but if anonymous access is enabled and other forms of authentication are disabled, then the user will be logging into the site as the web server's iGuest user, which is a user local to the web server and not a domain user.

Also, check that the Application pool being used by the site loads the user profile and doesn't run as a particular user (again, how you do this depends on the version of IIS you are running).

If this is happening during a debug / step-through, then I think by default it should authenticate you automatically (although bear in mind the above when you do deploy to the live site), in which case you need to look at your authentication methods in the config file, which I'm a bit rusty on (I haven't built a web site from scratch since last December). Check the user is actually authenticating under their domain account, maybe by returning the account name in a message box or something.

Hi, and thanks for your response.

The site is on IIS6 WinSrv03 and all forms of Authentication are disabled except for Integrated Windows.

It has its own Application Pool set with all defaults under Network Service identity.

I can confirm the user is being identified (as you suggested)..

Dim CurrentUser As String = HttpContext.Current.User.Identity.Name
UserLabel.Text = "Logged in as " + CurrentUser

On both the test and production sites the AD User ID is returned: "Logged in as Domain\UserID"

Must be something I'm missing...

I looked at an old web.config file that I had archived and found that in my code rather than having 20-27 as you have, I had this as one line of code (within the system.web element).

<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />

This MSDN article shows the same syntax:
http://msdn.microsoft.com/en-us/library/ff647401.aspx
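
The one-line roleManager setting matters because, when no defaultProvider is given, ASP.NET falls back to AspNetSqlRoleProvider, so User.IsInRole is answered from the SQL role store rather than from the Windows token. The diagnostic below is an added example, not code from any poster in this thread; the names RoleCheckDiagnostics and Describe are hypothetical, and it assumes the module sits in the site's App_Code folder.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added diagnostic helper (hypothetical names); not part of the original thread.
' Usage from a page: Label1.Text = RoleCheckDiagnostics.Describe("Domain\ADGroup")
Public Module RoleCheckDiagnostics

    ' Reports which component answers User.IsInRole(groupName) on this request.
    Public Function Describe(ByVal groupName As String) As String
        Dim user As IPrincipal = HttpContext.Current.User
        Dim lines As New List(Of String)

        lines.Add("Identity: " & user.Identity.Name)
        lines.Add("Principal type: " & user.GetType().FullName)
        lines.Add("Role manager enabled: " & Roles.Enabled.ToString())

        If Roles.Enabled Then
            ' Without a defaultProvider attribute this is AspNetSqlRoleProvider,
            ' even when a WindowsTokenRoleProvider is also registered.
            lines.Add("Default role provider: " & Roles.Provider.Name & " (" & Roles.Provider.GetType().Name & ")")
        End If

        ' The same call the page's If-statement makes.
        Try
            lines.Add("User.IsInRole: " & user.IsInRole(groupName).ToString())
        Catch ex As Exception
            lines.Add("User.IsInRole failed: " & ex.Message)
        End Try

        ' Independent check made directly against the Windows token's group list.
        Dim winId As WindowsIdentity = TryCast(user.Identity, WindowsIdentity)
        If winId IsNot Nothing Then
            lines.Add("Windows token IsInRole: " & New WindowsPrincipal(winId).IsInRole(groupName).ToString())
        Else
            lines.Add("Identity is not a WindowsIdentity; Windows authentication is not in effect.")
        End If

        Return String.Join(Environment.NewLine, lines.ToArray())
    End Function

End Module
```

If the two IsInRole results disagree, the role provider and not the user's group membership is the cause of the failed authorization check.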

I think that JorgeM has found what was missing.....

It's working! - the page referred to was very helpful and the code worked!

Thanks very much for your help
