Re: User.IsInRole() fails if user in too many groups?

From: Yuri Lausberg (yuril_lausberg@Hotmail.com)
Date: 01/09/03 

From: "Yuri Lausberg" <yuril_lausberg@Hotmail.com>
Date: Wed, 8 Jan 2003 16:01:25 -0800

This is a known issue, see BUG: Q321562
(http://support.microsoft.com/default.aspx?scid=kb;en-us;321562) .
Cheers,

- Yuri Lausberg

"Dan Kahler" <dan.kahler@digex.com> wrote in message
news:eoETpz2tCHA.2628@TK2MSFTNGP09...
> (I've seen references to this previously, but I haven't been able to find
> any definitive documentaton of this problem.)
>
> My IsInRole() checks return false for ALL membership checks if a given
> Windows account is in too many groups. I know it's related to the number
of
> groups - I've used debug code to echo IsInRole() membership checks, and
> watched results change after I incrementally added a domain user to
> additional local groups. All the IsInRole() checks begin to fail once the
> user is in XX local groups. (The user is also in numerous AD groups, so I
> haven't been able to find the specific number that's acting as a ceiling,
> and don't know if the problem is specific to local groups).
>
> It's bizarre - IsInRole() correctly identifies membership in both local
and
> domain accounts, and then if I add the user one additional local group
> (arbitrary grouop name), it returns False for checks on any specified
group.
>
> Context.User.IsInRole("DOMAIN\MyGroup") returns True, and then once I add
> the user to one more local group, Context.User.IsInRole("DOMAIN\MyGroup")
> suddenly returns False. I spent forever trying to pin this on a code or
> capitalization problem before I tracked it to the number of group
> memberships.
>
> I've been using the WindowsPrincipal.IsInRole() function since the early
> betas (2001), and this is the first time I've been bitten by this. I'm
> using v1.0 of the runtime - anyone know if there's a planned fix for v1.1?
>
> Thanks for any corraboration!
> Dan Kahler
>
>

Relevant Pages

  • Re: Is every user a member of Users?
    ... "Roger Abell" wrote in message ... Local Groups only -- while on the domain groups can be either ... Herb Martin> ... > There are a couple kinds of things that are used as if> they were groups and/or that function like groups, but> over the membership in which one has no control. ...
    (microsoft.public.win2000.security)
  • User.IsInRole() fails if user in too many groups?
    ... My IsInRole() checks return false for ALL membership checks if a given ... watched results change after I incrementally added a domain user to ... user is in XX local groups. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Local Group members
    ... Restricted Groups can define the (complete and exact) membership ... of local groups, but cannot "add" to the membership of them. ...
    (microsoft.public.windows.group_policy)
  • Re: Local Group members
    ... defining a Restricted group, this is normal. ... > "Roger Abell" kirjoitti viestissä ... >> of local groups, but cannot "add" to the membership of them. ...
    (microsoft.public.windows.group_policy)
  • Re: Check group member ship or a user
    ... of 1.0 had a bug where IsInRole was case sensitive. ... >>I have only gotten IsInRole to work against local groups when I have been ... >>logged in as a local machine user, rather than as a domain user. ...
    (microsoft.public.dotnet.languages.vb)