Active Directory Role-Based Authentication Fails for Users - Local

[PPL-KMS]

Developed a web-based application that queries active directory for roles to
associate the appropriate functionality to the user. After a recent upgrade
of OS and .NET framework, the ".IsInRole" method returns "false" even though
AD has the role associated to the user (plus, the user works fine in our
production environemnt). Also, the user was authenicated to run the page.
Prior to the upgrade, AD returned "true".

Note: The application running on the localhost uses our production AD
domain. The application runs correctly within my development, prodtest, and
production environments.

At this point, unable to identify the cause of the issue researching into
the OS, IE, and .Net framework. Not sure if it is a bug or a new group
policy implemented by my company.

Technical Information:
Framework -> aspnet_isapi.dll Version: 1.0.3705.419 - SP2 (also attempted
installation of SP3 which did not corret the problem)
OS Version: 5.0.2195 Service Pack 4 Build 2195 - Windows 2000
IE Version: 6.0.2800.1106CO
Authentication method: NTLM
Impersonate: "true"


--
Sr Integrator - Info Solutions
PPL Corp.

[Paul Clement]

On Mon, 4 Oct 2004 11:53:04 -0700, "PPL-KMS" <PPLKMS@discussions.microsoft.com> wrote:

¤ Developed a web-based application that queries active directory for roles to
¤ associate the appropriate functionality to the user. After a recent upgrade
¤ of OS and .NET framework, the ".IsInRole" method returns "false" even though
¤ AD has the role associated to the user (plus, the user works fine in our
¤ production environemnt). Also, the user was authenicated to run the page.
¤ Prior to the upgrade, AD returned "true".
¤
¤ Note: The application running on the localhost uses our production AD
¤ domain. The application runs correctly within my development, prodtest, and
¤ production environments.
¤
¤ At this point, unable to identify the cause of the issue researching into
¤ the OS, IE, and .Net framework. Not sure if it is a bug or a new group
¤ policy implemented by my company.
¤
¤ Technical Information:
¤ Framework -> aspnet_isapi.dll Version: 1.0.3705.419 - SP2 (also attempted
¤ installation of SP3 which did not corret the problem)
¤ OS Version: 5.0.2195 Service Pack 4 Build 2195 - Windows 2000
¤ IE Version: 6.0.2800.1106CO
¤ Authentication method: NTLM
¤ Impersonate: "true"

These types of problems are always a lot of fun to troubleshoot but I'm fairly certain it's a
configuration issue of some type. Group policy, as you suggest, may be the likely culprit. I will
assume that you've set up the web app for the appropriate authentication level and impersonation is
configured and working properly.

I would take a look at the following MS KB article to see if anything suggested resolves the
problem:

The IsInRole method of the WindowsPrincipal class does not work correctly
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;842794[/url]


Paul ~~~ [email]pclement@ameritech.net[/email]
Microsoft MVP (Visual Basic)