none
WindowsPrincipal.IsInRole throws an exception ? RRS feed

  • Question

  • Hello Guys,

    I have a question,

     WindowsIdentity identity = new WindowsIdentity(Environment.UserName);
                WindowsPrincipal principle = new WindowsPrincipal(identity);
                Console.WriteLine(principle.IsInRole("NonExistingLocalGroup"));

    Our logic assumes that the "IsInRole" method returns false when we pass in a "NonExistingGroupName" as parameter. This was working great for sometime. Now it started throwing an exception instead of returning false on some of our environments.

    Exception:

    ***********************************************************************

    The trust relationship between the primary domain and the trusted domain failed.

    </Value></KeyValuePair_2><KeyValuePair_2><Key>3.SystemExceptionHelpLink</Key><Value /></KeyValuePair_2><KeyValuePair_2><Key>3.SystemExceptionSource</Key><Value>mscorlib</Value></KeyValuePair_2><KeyValuePair_2><Key>3.SystemException.StackTrace.</Key><Value>   at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean&amp; someFailed)

       at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean&amp; someFailed)

       at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)

       at System.Security.Principal.WindowsPrincipal.IsInRole(String role)

    **********************************************

    My questions ?

    1. Any one seen this before ?

    2. What is the expected behavior ?

    Thanks.

     

    Friday, October 19, 2012 1:19 AM

Answers

  • Hi Venkata,

    Welcome to the MSDN Forum.

    I checked the document: http://msdn.microsoft.com/en-us/library/fs485fwh.aspx  

    Determines whether the current principal belongs to the Windows user group with the specified name.

    Based on my understanding, the method will work will only when both the user and the group exist.

    If the group isn't existed, such as your case, it will failed to look for the group and return a right result.

    So before you try this method, please confirm this group is existed.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, October 22, 2012 8:59 AM
    Moderator

All replies

  • Hi Venkata,

    Welcome to the MSDN Forum.

    I checked the document: http://msdn.microsoft.com/en-us/library/fs485fwh.aspx  

    Determines whether the current principal belongs to the Windows user group with the specified name.

    Based on my understanding, the method will work will only when both the user and the group exist.

    If the group isn't existed, such as your case, it will failed to look for the group and return a right result.

    So before you try this method, please confirm this group is existed.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, October 22, 2012 8:59 AM
    Moderator
  • Hi Mike,

    I am experiencing the same error in a ASP.NET 2.0 web application (Win2K3 Server) at the line HTTPContext.Current.User.IsInRole("SomeNonExistingRole"). Obviously, the role is not available in AD. But yet, this line of code has been working fine for quite some time before failing all of a sudden one day. By working, I mean, it returned false, but there was never an exception. Do you have any thoughts on why it would suddenly throw a "trust relationship" error after having worked for months together? We have confirmed that there has not been any application or web site level changes (will do another round of checking) and also no changes at the domain trust level.

    I have been looking for help all over, but I have not seen any credible help on this. Appreciate if you can share your comments.

    Regards,

    shankarvrp



    Monday, October 29, 2012 1:12 PM