Problem with PrincipalPermission Attribute (cannot resolve IsInRole)

Discussion in 'ASP .Net Security' started by Peter Zuber, Jun 7, 2005.

  1. Peter Zuber

    Peter Zuber Guest

    Hi, I have the following problem...

    Pre-requisites:
    Installation of an Asp.net webservice on a IIS5 server (win2k). Anonymous
    access is not allowed, only using windows authentication (intranet app),
    webmethods are using the Principalpermssion attribute
    ([PrincipalPermission(SecurityAction.Demand,
    Role=@"DomainName\WindowsGroup...")]) for identification.

    Result --> It works fine on my PC but not on the server

    When I change the to [PrincipalPermission(SecurityAction.Demand,
    name=@"DomainName\Windowsuser...")]) -> it runs fine

    --> conclusion: IIS cannot determine if a user belongs to an AD group -->
    IPrincipal.IsInRole(@"DomainName\WindowsGroup") is always FALSE!

    I already found an article on the web
    (http://www.kbalertz.com/kb_894432.aspx --> web dir is UNC share), but
    didn't solved the problem...

    Does anyone know more about this issue?
     
    Peter Zuber, Jun 7, 2005
    #1
    1. Advertisements

  2. Just out of curiosity, does it start working if you enable impersonation in
    web.config?

    Joe K.

    "Peter Zuber" <> wrote in message
    news:%...
    > Hi, I have the following problem...
    >
    > Pre-requisites:
    > Installation of an Asp.net webservice on a IIS5 server (win2k). Anonymous
    > access is not allowed, only using windows authentication (intranet app),
    > webmethods are using the Principalpermssion attribute
    > ([PrincipalPermission(SecurityAction.Demand,
    > Role=@"DomainName\WindowsGroup...")]) for identification.
    >
    > Result --> It works fine on my PC but not on the server
    >
    > When I change the to [PrincipalPermission(SecurityAction.Demand,
    > name=@"DomainName\Windowsuser...")]) -> it runs fine
    >
    > --> conclusion: IIS cannot determine if a user belongs to an AD group -->
    > IPrincipal.IsInRole(@"DomainName\WindowsGroup") is always FALSE!
    >
    > I already found an article on the web
    > (http://www.kbalertz.com/kb_894432.aspx --> web dir is UNC share), but
    > didn't solved the problem...
    >
    > Does anyone know more about this issue?
    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 8, 2005
    #2
    1. Advertisements

  3. Peter Zuber

    Peter Zuber Guest

    Yes, impersonation is enabled

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:%...
    > Just out of curiosity, does it start working if you enable impersonation

    in
    > web.config?
    >
    > Joe K.
    >
    > "Peter Zuber" <> wrote in message
    > news:%...
    > > Hi, I have the following problem...
    > >
    > > Pre-requisites:
    > > Installation of an Asp.net webservice on a IIS5 server (win2k).

    Anonymous
    > > access is not allowed, only using windows authentication (intranet app),
    > > webmethods are using the Principalpermssion attribute
    > > ([PrincipalPermission(SecurityAction.Demand,
    > > Role=@"DomainName\WindowsGroup...")]) for identification.
    > >
    > > Result --> It works fine on my PC but not on the server
    > >
    > > When I change the to [PrincipalPermission(SecurityAction.Demand,
    > > name=@"DomainName\Windowsuser...")]) -> it runs fine
    > >
    > > --> conclusion: IIS cannot determine if a user belongs to an AD

    group -->
    > > IPrincipal.IsInRole(@"DomainName\WindowsGroup") is always FALSE!
    > >
    > > I already found an article on the web
    > > (http://www.kbalertz.com/kb_894432.aspx --> web dir is UNC share), but
    > > didn't solved the problem...
    > >
    > > Does anyone know more about this issue?
    > >
    > >

    >
    >
     
    Peter Zuber, Jun 8, 2005
    #3
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. @lex-kid
    Replies:
    2
    Views:
    2,618
    @lex-kid
    Jul 7, 2003
  2. sufia
    Replies:
    1
    Views:
    3,321
    @lex-kid
    Jul 6, 2003
  3. Shlomi

    cannot resolve memory leak .

    Shlomi, Nov 10, 2003, in forum: Java
    Replies:
    5
    Views:
    633
    John C. Bollinger
    Nov 17, 2003
  4. Jo

    Cannot resolve symbol

    Jo, Apr 9, 2004, in forum: Java
    Replies:
    3
    Views:
    3,014
    Roedy Green
    Apr 10, 2004
  5. Arun
    Replies:
    0
    Views:
    867
  6. Replies:
    1
    Views:
    11,047
  7. Viorel Ghilas

    PrincipalPermission trouble

    Viorel Ghilas, Jun 16, 2005, in forum: ASP .Net Security
    Replies:
    4
    Views:
    321
    Viorel Ghilas
    Jun 20, 2005
  8. Jess

    PrincipalPermission on WebMethods

    Jess, Sep 11, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    578
Loading...