Problem with PrincipalPermission Attribute (cannot resolve IsInRole)

Discussion in 'ASP .Net Security' started by Peter Zuber, Jun 7, 2005.

  1. Peter Zuber

    Peter Zuber Guest

    Hi, I have the following problem...

    Pre-requisites:
    Installation of an Asp.net webservice on a IIS5 server (win2k). Anonymous
    access is not allowed, only using windows authentication (intranet app),
    webmethods are using the Principalpermssion attribute
    ([PrincipalPermission(SecurityAction.Demand,
    Role=@"DomainName\WindowsGroup...")]) for identification.

    Result --> It works fine on my PC but not on the server

    When I change the to [PrincipalPermission(SecurityAction.Demand,
    name=@"DomainName\Windowsuser...")]) -> it runs fine

    --> conclusion: IIS cannot determine if a user belongs to an AD group -->
    IPrincipal.IsInRole(@"DomainName\WindowsGroup") is always FALSE!

    I already found an article on the web
    (http://www.kbalertz.com/kb_894432.aspx --> web dir is UNC share), but
    didn't solved the problem...

    Does anyone know more about this issue?
    Peter Zuber, Jun 7, 2005
    #1
    1. Advertising

  2. Just out of curiosity, does it start working if you enable impersonation in
    web.config?

    Joe K.

    "Peter Zuber" <> wrote in message
    news:%...
    > Hi, I have the following problem...
    >
    > Pre-requisites:
    > Installation of an Asp.net webservice on a IIS5 server (win2k). Anonymous
    > access is not allowed, only using windows authentication (intranet app),
    > webmethods are using the Principalpermssion attribute
    > ([PrincipalPermission(SecurityAction.Demand,
    > Role=@"DomainName\WindowsGroup...")]) for identification.
    >
    > Result --> It works fine on my PC but not on the server
    >
    > When I change the to [PrincipalPermission(SecurityAction.Demand,
    > name=@"DomainName\Windowsuser...")]) -> it runs fine
    >
    > --> conclusion: IIS cannot determine if a user belongs to an AD group -->
    > IPrincipal.IsInRole(@"DomainName\WindowsGroup") is always FALSE!
    >
    > I already found an article on the web
    > (http://www.kbalertz.com/kb_894432.aspx --> web dir is UNC share), but
    > didn't solved the problem...
    >
    > Does anyone know more about this issue?
    >
    >
    Joe Kaplan \(MVP - ADSI\), Jun 8, 2005
    #2
    1. Advertising

  3. Peter Zuber

    Peter Zuber Guest

    Yes, impersonation is enabled

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:%...
    > Just out of curiosity, does it start working if you enable impersonation

    in
    > web.config?
    >
    > Joe K.
    >
    > "Peter Zuber" <> wrote in message
    > news:%...
    > > Hi, I have the following problem...
    > >
    > > Pre-requisites:
    > > Installation of an Asp.net webservice on a IIS5 server (win2k).

    Anonymous
    > > access is not allowed, only using windows authentication (intranet app),
    > > webmethods are using the Principalpermssion attribute
    > > ([PrincipalPermission(SecurityAction.Demand,
    > > Role=@"DomainName\WindowsGroup...")]) for identification.
    > >
    > > Result --> It works fine on my PC but not on the server
    > >
    > > When I change the to [PrincipalPermission(SecurityAction.Demand,
    > > name=@"DomainName\Windowsuser...")]) -> it runs fine
    > >
    > > --> conclusion: IIS cannot determine if a user belongs to an AD

    group -->
    > > IPrincipal.IsInRole(@"DomainName\WindowsGroup") is always FALSE!
    > >
    > > I already found an article on the web
    > > (http://www.kbalertz.com/kb_894432.aspx --> web dir is UNC share), but
    > > didn't solved the problem...
    > >
    > > Does anyone know more about this issue?
    > >
    > >

    >
    >
    Peter Zuber, Jun 8, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. @lex-kid
    Replies:
    2
    Views:
    2,374
    @lex-kid
    Jul 7, 2003
  2. Arun
    Replies:
    0
    Views:
    702
  3. Replies:
    1
    Views:
    10,107
  4. Viorel Ghilas

    PrincipalPermission trouble

    Viorel Ghilas, Jun 16, 2005, in forum: ASP .Net Security
    Replies:
    4
    Views:
    159
    Viorel Ghilas
    Jun 20, 2005
  5. Jess

    PrincipalPermission on WebMethods

    Jess, Sep 11, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    306
Loading...

Share This Page