I have an ASP.NET MVC 3 web site that uses Windows Authentication running under IIS7.5. This web site also checks manually for groups in AD using the GetRolesForUser method of a custom RoleProvider. This isn't anything special, and has been working fine for a few months now.
However, we now have a user that had their Active Directory user name changed. They still have the same actual AD account, but to them their login name is now different.
Unfortunately this has broken the web site for this user. I'm using Elmah to log errors, and I have noticed that REMOTE_USER is using the old account name, and LOGON_USER is using the new account name. It looks like the username parameter of the GetRolesForUser method is getting the old account name - so I assume it is using REMOTE_USER.
Should I be targeting the web server or the web site for a fix? I've read that LOGON_USER and REMOTE_USER are only different if there is an authentication filter installed. I'm not aware of anything like this on the web server (although I'm not sure exactly where to look), but does MVC3 add this somehow?