User.IsInRole not working as expected RRS feed

  • Question

  • User1540266618 posted

    Hi all

    I've read numerous posts where the straight answer is "Just use User.IsInRole("Domain\Group")... " but I cant get it to work, so now I looking for a "For Dummies guide".

    My code looks something like this:

    if(User.IsInRole("Domain\\Editor")) { ... }

    Please note that I use a \\ instead of \, which for some reason is never used in any of the examples I've found, but I need to escape the \ otherwise my code won't compile.

    My web.config looks like this:

    <authentication mode="Windows" />
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
    <identity impersonate="false"/>

    The group I'm trying to test against is in the OU Users (default OU that comes wih every domain), I've also tried putting it elsewhere but no luck.

    User.Identity.Name works like it should, so I'm puzzled to say the least.

    Hope somebody can give me some input, thanks, Egil. 

    Thursday, November 9, 2006 9:01 AM

All replies

  • User1001868398 posted
    If you use the ASP.NET configuration you'll see all the roles available, use those strings. You can always call GetRoles() and will return an array of roles. Put a breakpoint and look at them!
    Thursday, November 9, 2006 8:48 PM
  • User1540266618 posted

    Hi albert

     I actually managed to get it sorta working. It seems that if I use a builtin group (like "Domain Admins") it works as expected. But I can't for the life of me get it to work with custom security groups. Does IsInRole simply not work with custom security groups or is the syntax different?

    Thanks for the input, best regards, Egil.

    Friday, November 10, 2006 2:37 AM
  • User1001868398 posted


    Thanks for the post, MS Membership provider works for forms, but has a few issues with custom implementations, what MS wants you to do is to create your own Memebership Provider, to do so:

    public class YouNewMemebershipProvider : MembershipProvider



    You can add all your LDAP calls here



    Friday, November 10, 2006 10:54 AM