How can I check group membership in ASP.NET Using Forms authentication with active directory RRS feed

  • Question

  • User400084992 posted

    I have created a site using forms authentication and active directory as detailed in this article


     I now need to check role membership for the authenticated user, however, whenever I user User.IsUserInRole or Roles.GetRolesForUser I get the following exception

    "method is only supported if the username parameter matches the user name in the current windows identity"

    Can anybody offer any suggestions?

    Thursday, June 19, 2008 10:38 PM

All replies

  • User1505790055 posted

    Have you actually also specified the RoleProvider?

    The article you pointed at does not mention this, and when you call User.IsUserInRole() it needs a RoleProvider (search for AspNetWindowsTokenRoleProvider ) to be specified in web.config.


    Friday, June 20, 2008 3:59 AM
  • User400084992 posted

    Thanks for you reply Howard,

     Yes I have specified the following in the web config. When using standard windows authentication I can perform the group checks with no problems but if I try to combine forms authentication with active directory the error described in my original post occurs.


    <add name="ADConnectionString" connectionString="XXXXXXXXXXX" />


    <membership defaultProvider="MyADMembershipProvider">




    type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=,

    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" attributeMapUsername="sAMAccountName"






    <roleManager enabled="true"


    Sunday, June 22, 2008 4:43 PM
  • User251450640 posted

    Did you ever get a solution to this? I'm looking at the same issues. Thanks

    Wednesday, November 26, 2008 3:05 PM
  • User2076114860 posted
    I'm having the same problem. The code from that page works fine with single users but when you want to authenticate groups/roles it doesn't work.
    Wednesday, December 17, 2008 3:35 PM
  • User251450640 posted

    I have actually found a solution to this problem and it worked quite well. It involves creating a class and then use it as a custom provider. Here is the website that has the solution:


    Wednesday, December 17, 2008 4:11 PM
  • User2076114860 posted
    thanks for replying! I will look into this.
    Thursday, December 18, 2008 10:06 AM