RE: ASP.Net 2.0 windows IsInRole error

Hi Mike,

From your description, when calling the "WindowPrincipal.IsInRole" method
in an ASP.NET webservice , you got the following exceptiton, correct?

"The trust relationship between the primary domain and the trusted domain
failed...."

Based on my research, there are some existing common issue related to this
error message. And most of them are caused by not supplying the domain name
when call "IsInRole" function. However, as you said that you've already
supply the domain name in the account name parameter, I think the problem
here is a bit different. Would you also post the code snippet in your
webmethod which call the "IsInRole" function?

Also, for the trusted domain part, have you verified that if the account
(you passed into "isInRole" function) is from the same domain(rather than
another trusted domain) of the webserver, it will work correct?


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
From: =?Utf-8?B?YmFrZQ==?= <mikeemail@xxxxxxxxxxxxx>
Subject: ASP.Net 2.0 windows IsInRole error
Date: Thu, 17 Jul 2008 11:24:08 -0700

X-Tomcat-NG: microsoft.public.inetserver.iis.security

We are sometimes getting the following error when calling User.IsInRole:
The trust relationship between the primary domain and the trusted domain
failed.

If the user is in the group we are specifying, IsInRole returns true. If
they are not in the group we are specifying, IsInRole throws that error.

Has anyone seen this before, or now how we might be able to troubleshoot
this? Perhaps there is additional logging we can turn on for the lower
level
security calls?

Details:
The IsInRole call is happening in a Web Service method, called from a
Winform app.
User is in Domain A, Group exists in Domain B. Full trust between domains.
Trust is definitely fully functional as we would be experiencing many
other
failures otherwise.
We are specifying the Domain in the IsInRole call. For instance
DomainB\TestGroup
IIS Directory Security - Windows Authentication
ASP.Net authentication - Windows (not impersonating)
Web Server - 2003 Server
AD Domain - 2003 Server

Code where we are setting the credentials in Winform prior to Web Service
Call:
ws.Credentials = System.Net.CredentialCache.DefaultCredentials;

Exception Stack Trace:
at
System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollec
tion sourceAccounts, Boolean& someFailed)
at
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection
sourceAccounts, Type targetType, Boolean& someFailed)
at
System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection
sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.WindowsPrincipal.IsInRole(String role)
at WebService.ServiceMethod()


Thanks so much!
Mike




.

Relevant Pages

  • RE: ASP.Net 2.0 windows IsInRole error
    ... we are still seeing strange behavior from the IsInRole call. ... when calling the "WindowPrincipal.IsInRole" method ... Microsoft MSDN Online Support Lead ... If the user is in the group we are specifying, ...
    (microsoft.public.inetserver.iis.security)
  • RE: ASP.Net 2.0 windows IsInRole error
    ... Microsoft MSDN Online Support Lead ... we are still seeing strange behavior from the IsInRole call. ... Also, for the trusted domain part, have you verified that if the account ...
    (microsoft.public.inetserver.iis.security)