Re: Active Directory Role-Based Authentication Fails for Users - Local

From: Paul Clement (UseAdddressAtEndofMessage_at_swspectrum.com)
Date: 10/05/04 

Date: Tue, 05 Oct 2004 10:49:00 -0500

On Mon, 4 Oct 2004 11:53:04 -0700, "PPL-KMS" <PPLKMS@discussions.microsoft.com> wrote:

¤ Developed a web-based application that queries active directory for roles to
¤ associate the appropriate functionality to the user. After a recent upgrade
¤ of OS and .NET framework, the ".IsInRole" method returns "false" even though
¤ AD has the role associated to the user (plus, the user works fine in our
¤ production environemnt). Also, the user was authenicated to run the page.
¤ Prior to the upgrade, AD returned "true".
¤
¤ Note: The application running on the localhost uses our production AD
¤ domain. The application runs correctly within my development, prodtest, and
¤ production environments.
¤
¤ At this point, unable to identify the cause of the issue researching into
¤ the OS, IE, and .Net framework. Not sure if it is a bug or a new group
¤ policy implemented by my company.
¤
¤ Technical Information:
¤ Framework -> aspnet_isapi.dll Version: 1.0.3705.419 - SP2 (also attempted
¤ installation of SP3 which did not corret the problem)
¤ OS Version: 5.0.2195 Service Pack 4 Build 2195 - Windows 2000
¤ IE Version: 6.0.2800.1106CO
¤ Authentication method: NTLM
¤ Impersonate: "true"

These types of problems are always a lot of fun to troubleshoot but I'm fairly certain it's a
configuration issue of some type. Group policy, as you suggest, may be the likely culprit. I will
assume that you've set up the web app for the appropriate authentication level and impersonation is
configured and working properly.

I would take a look at the following MS KB article to see if anything suggested resolves the
problem:

The IsInRole method of the WindowsPrincipal class does not work correctly
http://support.microsoft.com/default.aspx?scid=kb;en-us;842794

Paul ~~~ pclement@ameritech.net
Microsoft MVP (Visual Basic)

Relevant Pages

  • RE: Authentication issues after upgrade
    ... Would you please let me know the exact error message? ... Subject: Authentication issues after upgrade ... Domain A has an External non transitive trust to Domain B ... Before I upgrade the second DC I would like to resolve the problem. ...
    (microsoft.public.windows.server.migration)
  • Re: Authentication issues after upgrade
    ... Subject: Authentication issues after upgrade ... When I say that, I mean there is no message to take a screenshot of, or ... Domain A has an External non transitive trust to Domain B ...
    (microsoft.public.windows.server.migration)
  • Active Directory Role-Based Authentication Fails for Users - Local
    ... of OS and .NET framework, the ".IsInRole" method returns "false" even though ... production environemnt). ... Prior to the upgrade, AD returned "true". ... Authentication method: NTLM ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: domain authentication
    ... Thanks to all who responded to my domain authentication post. ... still not long enough for the machine to hit the PDC (only tried 60 seconds ... Some people answered my questions about when I upgrade to a Win2000 domain, ... BDCs in 7 different locations. ...
    (Focus-Microsoft)
  • FC3 upgrade problems
    ... with the evolution suite, but I can't use evolution anymore at all, I get: ... Authentication Rejected, reason: ... What's the problem there (I did a fresh install, because the upgrade went ...
    (Fedora)