Azman with SQL Datastore does not work with LDAP Query Dynamic Gro

Discussion in 'ASP .Net Security' started by RiverWay, Apr 20, 2010.

  1. RiverWay

    RiverWay Guest

    I have used Azman with an Active Directory data store successfully in my web
    application as a Role Provider. I wanted to use the new features of the Windows
    Server 2008 version of Azman, which can have a SQL Database as a data store.
    But when I switched to this new Azman Store with a SQL2008 database, the LDAP
    Query groups won't return the correct answer about membership of a role, which
    was working fine in Active Directory Azman.

    Here are the connection strings of the two different kinds of Azman:
    1) <add name="ConnectionStringAZMAN"
    connectionString="msldap:// Apps,CN=Program
    2) <add name="ConnectionStringAZMAN"
    connectionString="mssql://Driver=SQL Server;Server=SQL2008;/AzMan/AzStore"/>

    The following is the LDAP query filter to define a Dynamic Group named
    "Inspectors" in Azman: (&(objectClass=user)(title=*Inspector*))
    I tried this style too but the same:

    This is the code part of checking membership in my web application:
    if (System.Web.Security.Roles.IsUserInRole(str_userPrincipal,

    This code was working fine (returns true for a user) with Azman of AD data
    store but fails (returns false for the same user) in Azman of SQL. I guess
    the new library code of MS which checks the membership drilling through
    dynamic query group is not working properly but I am not sure. Could it be a
    permission related issue? There was no error message but the IsUserInRole()
    function returns the wrong answer from Azman+SQL.

    I am running out of ideas and stuck at this point. Please help me. Thank you.

    Development Environment:
    -Visual Studio 2008 in XP with the latest service pack
    -The DC with Active Directory is Windows Server 2008 R2
    -I tested the same web application with SQL Azman in VS2010 installed in a
    Windows Server 2008 R2 because XP wouldn't support the new function of SQL
    -SQL Server for Azman is SQL 2008 (not R2)
    RiverWay, Apr 20, 2010

  2. RiverWay

    RiverWay Guest

    I have found the solution. I said I copied my web application project to a
    Windows Server 2008 machine (we don't have a Vista or 7 machine) and installed
    VS2010 to test run in it because my XP development machine can't run the new
    Azman feature with SQL store.

    In the VS2010 of Windows Server 2008 R2 (connected by rdp), when I removed
    the System.Web from References entries and added again, the web application
    started working again. I mean the IsUserInRole() function returned 'true' for
    the user drilling correctly into LDAP query group definition. FYI,
    'PaintLog_Inspector' role had a member of a dynamic group, which queries all
    AD users who have the word 'inspector' in their title attribute.

    I guess the cause of the problem was that my VS project was maintaining XP
    binaries of [System.Web] (more specifically
    System.Web.Security.AuthorizationStoreRoleProvider) when moved to Windows
    Server 2008 R2 machine, which includes Azman related code. By refreshing the
    Reference list, VS2010 must have reloaded the right binary from the new
    Windows Server 2008 R2 machine.

    Just hoping anybody out there who may experience a similar problem...
    Happy coding.
    RiverWay, Apr 21, 2010
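
Added example, not part of the original thread and not Microsoft's code: one way to narrow down a false IsUserInRole() result like the one described above. It logs which System.Web binary supplies AuthorizationStoreRoleProvider and compares the role check with a direct directory search using the dynamic group's LDAP query. The class and method names are hypothetical. It assumes the user name is a userPrincipalName (use sAMAccountName otherwise) and that the site runs on a domain-joined machine.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices;   // add a reference to System.DirectoryServices.dll
using System.Reflection;
using System.Text;
using System.Web.Security;

public static class AzManRoleDiagnostics   // hypothetical helper, not from the thread
{
    // Which System.Web binary supplies the AzMan role provider at run time.
    public static string DescribeProviderAssembly()
    {
        Assembly asm = typeof(AuthorizationStoreRoleProvider).Assembly;
        string fileVersion = FileVersionInfo.GetVersionInfo(asm.Location).FileVersion;
        return asm.FullName + " | file " + fileVersion + " | " + asm.Location;
    }

    // RFC 4515 escaping, so the user name cannot change the meaning of the filter.
    static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Asks the directory itself whether the user matches the dynamic group's query.
    public static bool MatchesGroupQuery(string upn, string groupFilter)
    {
        string filter = "(&" + groupFilter + "(userPrincipalName=" + EscapeFilterValue(upn) + "))";
        using (DirectorySearcher searcher = new DirectorySearcher(filter))
            return searcher.FindOne() != null;   // searches the current domain by default
    }

    // One line to log, e.g. Report(upn, "PaintLog_Inspector", "(&(objectClass=user)(title=*Inspector*))")
    public static string Report(string upn, string role, string groupFilter)
    {
        return string.Format("provider={0} ({1}); ldap={2}; IsUserInRole={3}; {4}",
            Roles.Provider.Name, Roles.Provider.GetType().FullName,
            MatchesGroupQuery(upn, groupFilter), Roles.IsUserInRole(upn, role),
            DescribeProviderAssembly());
    }
}
```

If the log shows ldap=True but IsUserInRole=False, the filter and the directory are answering as expected, which leaves the store, its permissions or the provider binary to examine.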
