Why does testing the user's group membership not produce the expected result?

Question

Please check the following code.

WindowsIdentity identity = HttpContext.Current.Request.LogonUserIdentity;

WindowsPrincipal principal = new WindowsPrincipal(identity);

bool result = Principal.IsInRole("Active Directory Group Name");

if(result == true)
{
    // Able to access the page
}

else
{
    // No access to this page 
}

I have a pin in my organization and it is added to "Active Directory Group". Now, I am able to access the pages in the localhost. I made some changes in the code and deployed code in DEV and trying to access the pages in DEV to test the application. In DEV, I was unable to access the pages. It is supposed to execute the if block but instead executes the else block.

Could you please help me with:

Where is security blocking me?
What else do I have to make sure of?

Are you specifying a domain in the `role` parameter passed to `IsInRole()`? See the **Remarks** section of [the documentation](https://learn.microsoft.com/dotnet/api/system.security.principal.windowsprincipal.isinrole#System_Security_Principal_WindowsPrincipal_IsInRole_System_String_) describing the expected form of that parameter. — Lance U. Matthews, Sep 20 '21 at 02:52
I am guessing if it does not execute the if and only else then result is not true. Have you checked your role names/case etc. And if it works locally and not in dev server then might be a permissions issue on your ad server maybe? — AliK, Sep 20 '21 at 03:15

Why does testing the user's group membership not produce the expected result?

0 Answers0