ApplicationContext.User.IsInRole

Old forum URL: forums.lhotka.net/forums/t/3678.aspx


juddaman posted on Tuesday, October 09, 2007

Hey

I've made a custom principal and identity object. On login it uses the Windows identity to get the current user's name and then gets the user's id from my db. So basically Windows is handling the username/password. It all works well except IsInRole.

    public override bool IsInRole(string role)
    {
        IPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        return principal.IsInRole(role);
    }

When I pass in a role that I know (from a testing POV) that I'm in, the method works! It returns true. If I pass in a role name that the user is not in, it throws a system exception with the msg "The trust relationship between the primary domain and the trusted domain failed.".

    bool inRole = ApplicationContext.User.IsInRole("COMPANYNAME_TTadmin"); // OK

    bool inRole = ApplicationContext.User.IsInRole("test"); // inRole should = false but it throws an exception instead

Anyone know why?

Thanks

George

juddaman replied on Friday, October 12, 2007

Can anybody help with this??

ajj3085 replied on Friday, October 12, 2007

Have you stepped into the IsInRole method?  What exception are you getting?  More detail would be helpful.

juddaman replied on Friday, October 12, 2007

As I said previously, albeit not very clearly, the exception thrown is of type SystemException. I can't step into the method as it's in the WindowsPrincipal class (.NET code), can I?

Message: The trust relationship between the primary domain and the trusted domain failed.

Exception thrown in: System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)

The strangest thing is how the exception is not thrown if the user is in the role. My workaround is to just catch the exception and return false from my method. It works but it's pretty nasty code.

Is there any piece of info that would be particularly helpful?

Cheers.

ajj3085 replied on Friday, October 12, 2007

Hmm... I haven't seen that exact message before.  Do you have multiple domains in your network?  It sounds like your user domain is being evaluated for role membership and you're not a member.. but then it goes to check another domain, and there's a problem between the domains' trust relationship.

I've seen a similar message but it was a problem between the client and the DC.. basically the one I saw happens if you join a machine to the domain, then delete the computer account from AD.  The solution there is to remove and rejoin the computer.. but your message indicates an inter-domain problem.

stacy.odell replied on Friday, October 12, 2007

In the past, to get User.IsInRole to work properly, I've had to add in the domain to the group name:

    if (User.IsInRole("domain\\group")) {
        // blah blah blah
    }

juddaman replied on Monday, October 15, 2007

Hey Stacy, thanks a lot, including the domain name solved the problem. I guess that stops Windows looking for the group name in other domains that the user doesn't actually have permission to access.

Thanks for your input Andy.

Tar very much. George.
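
Added example (not part of the original thread and not CSLA code): one way to apply the domain-qualified lookup suggested above while keeping the role check fail-closed when the lookup itself fails. `RoleCheck`, `Qualify` and the `defaultDomain` parameter are hypothetical names, and using `Environment.UserDomainName` as the default domain is an assumption.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;

// Added illustration: RoleCheck, Qualify and defaultDomain are hypothetical names.
public static class RoleCheck
{
    // Pin an unqualified group name to one known domain ("DOMAIN\group").
    public static string Qualify(string role, string defaultDomain)
    {
        if (string.IsNullOrEmpty(role))
            throw new ArgumentException("role is required", "role");
        return role.IndexOf('\\') >= 0 ? role : defaultDomain + "\\" + role;
    }

    public static bool IsInRole(WindowsIdentity identity, string role, string defaultDomain)
    {
        string qualified = Qualify(role, defaultDomain);
        try
        {
            // Same name-to-SID translation that threw in the thread, done explicitly.
            SecurityIdentifier sid = (SecurityIdentifier)
                new NTAccount(qualified).Translate(typeof(SecurityIdentifier));
            return new WindowsPrincipal(identity).IsInRole(sid);
        }
        catch (IdentityNotMappedException)
        {
            return false; // no such group in that domain: not a member
        }
        catch (SystemException ex)
        {
            // Directory or trust failure: deny access, but leave a trace so the
            // outage is not mistaken for an ordinary "not in role" answer.
            Trace.TraceWarning("Role lookup failed for {0}: {1}", qualified, ex.Message);
            return false;
        }
    }

    public static void Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            // "test" is the group name from the thread; the domain is an assumption.
            Console.WriteLine(IsInRole(current, "test", Environment.UserDomainName));
        }
    }
}
```
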

BVeenstra replied on Tuesday, October 20, 2009

We received this error whenever we forget to set the ThreadPrincipal of the AppDomain

example:

    ICustomPrincipal principal = new CustomPrincipal();

    AppDomain currentDomain = AppDomain.CurrentDomain;
    currentDomain.SetThreadPrincipal(principal);

    Thread.CurrentPrincipal = principal;


HTH

Copyright (c) Marimer LLC