I am seriously beginning to think that where I work is cursed as far as development efforts go; I keep running into very strange issues.

I am using `Roles.IsUserInRole(@"Domain\Domain Admins")` to check if a user is a Domain Administrator.

For some reason, it does not recognize me in that group, although I have been in it for years. I thought at first it MIGHT have had something to do with the space, but `Roles.IsUserInRole(@"Domain\Domain Users")` works just fine. Both groups reside in the same AD OU.

Am I losing my mind or is there really something special about the "Domain Admins" group?

EDIT:

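        // Requires: System.Collections.Generic, System.DirectoryServices.AccountManagement, System.Web.Security
        List<GroupPrincipal> result = new List<GroupPrincipal>();

        // Default domain of the account this code runs under.
        PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

        UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, User.Identity.Name);

        if (user != null)
        {
            // Security groups the directory reports for the user, nested groups included.
            PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

            foreach (Principal p in groups)
            {
                if (p is GroupPrincipal)
                {
                    result.Add((GroupPrincipal)p);
                }
            }
        }

        // Roles reported by the configured ASP.NET role provider for the same user.
        var myRoles = Roles.GetRolesForUser(User.Identity.Name);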

I used the above code to verify group membership. Domain Admins IS listed in the `result` variable, but NOT in `myRoles`.

Keith Clark
  • Write a script to print all the groups you ARE in and see if that helps. – hoodaticus Feb 20 '17 at 19:37
  • I added an edit that showed the code I used to determine if it was seeing me in the Domain Admins group. Please see my comments in the edit – Keith Clark Feb 20 '17 at 19:50
  • Possible duplicate of [User.IsInRole returning false](http://stackoverflow.com/questions/2451068/user-isinrole-returning-false) – hoodaticus Feb 20 '17 at 19:53
  • @hoodaticus - Thanks, already double checked my web.config. Just confused as to why SOME of my AD groups show up in Roles, but not all – Keith Clark Feb 20 '17 at 20:00

1 Answer

Turns out, it has to do with elevated privileges.

Please see: https://www.reddit.com/r/csharp/comments/4cvr0p/domain_admin_is_not_showing_up_in_my_role_list_im/

(Does not explain a workaround, only a reason)

Keith Clark
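
Added example (not part of the original answer or the linked thread): a console check that lists the groups present in the current Windows access token but flagged deny-only, which is the state UAC's filtered token puts administrative groups in for a non-elevated process, and shows that `IsInRole` returns false for each of them. It assumes .NET Framework 4.5 or later on Windows and a role check that is evaluated against the token; the class name `TokenGroupCheck` is made up for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Added diagnostic, not code from the original post. Run it as the affected account.
static class TokenGroupCheck
{
    // Translate a SID string to DOMAIN\Name; fall back to the raw SID if it cannot be resolved.
    static string NameOf(string sid)
    {
        try { return new SecurityIdentifier(sid).Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid; }
        catch (SystemException) { return sid; }   // e.g. domain controller unreachable
    }

    static void Main()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(id);
            Console.WriteLine("User: {0}", id.Name);
            // True only when BUILTIN\Administrators is enabled in this token (elevated process).
            Console.WriteLine("Administrators enabled in token: {0}",
                principal.IsInRole(WindowsBuiltInRole.Administrator));

            // WindowsIdentity exposes enabled groups as GroupSid claims and
            // deny-only groups as DenyOnlySid / DenyOnlyPrimaryGroupSid claims.
            var denyOnly = id.Claims
                .Where(c => c.Type == ClaimTypes.DenyOnlySid ||
                            c.Type == ClaimTypes.DenyOnlyPrimaryGroupSid)
                .Select(c => c.Value).Distinct().ToList();

            foreach (string sid in denyOnly)
            {
                // A deny-only SID is in the token but can never grant access, so this is false.
                bool inRole = principal.IsInRole(new SecurityIdentifier(sid));
                Console.WriteLine("deny-only: {0,-45} IsInRole = {1}", NameOf(sid), inRole);
            }

            int enabled = id.Groups == null ? 0 : id.Groups.Count;
            Console.WriteLine("{0} enabled group(s), {1} deny-only group(s)", enabled, denyOnly.Count);
        }
    }
}
```

Run it once from a normal prompt and once from an elevated one as the same account, then compare the deny-only lists.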