Microsoft KB Archive/894432

= BUG: You receive a &quot;False&quot; value when you call the User.IsInRole method in an ASP.NET application even though the user is assigned to the role =

Article ID: 894432

Article Last Modified on 4/22/2005

-

APPLIES TO


 * Microsoft ASP.NET 1.1
 * Microsoft ASP.NET 1.0

-





SYMPTOMS
When you call the User.IsInRole method in a Microsoft ASP.NET application, you receive a False value from the method. This behavior occurs even though the user may be assigned to the role.

Note This issue occurs when the ASP.NET application is mapped to a Uniform Naming Convention (UNC) share.



WORKAROUND
To work around this issue, use one of the following methods:
 * Do not map the ASP.NET application to a UNC share.
 * Run the iisreset command after you add a user to a role but before you request an ASPX Web page.



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the &quot;Applies to&quot; section.



Steps to reproduce the issue
 Create a Microsoft Internet Information Services (IIS) application that is named Unc. To do this, follow these steps:  Click Start, click Run, type inetmgr.exe, and then click OK. Expand  . Right-click Web Sites, and then click New. Name the site Unc, and then click OK.</ol> </li> Right-click Unc.</li> In the Properties dialog box, click the Directory security tab.</li> Under Anonymous access and authentication control, click Edit.</li> Verify that the Anonymous access check box is selected.</li> Click to select the Integrated Windows authentication check box.</li>  In the application folder, create an ASPX file that contains the following code example. <%@page language=&quot;cs&quot;%>

User.Identity.Name=<%=User.Identity.Name%> role=<%=Request.QueryString[&quot;role&quot;]%> User.IsInRole(role)=<% = User.IsInRole(Request.QueryString[&quot;role&quot;])%> </li> Create a share that is mapped to this physical folder.</li> Create the local user who is named MyUser. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type lusrmgr.msc, and then click OK.</li> Right-click Users, and then click New User.</li> Name the new user MyUser, and then click Create.</li></ol> </li> Map the IIS application to the share that you created in step 8, and then connect to the share by using the MyUser account.

Note Make sure that the MyUser account has Read user rights on the physical folder on the share.

To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type inetmgr.exe, and then click OK.</li> Expand  , and then expand Web Sites.</li> Right-click your Web site, and then click Properties.</li> Click the Home Directory tab.</li> <li>Click A share located on another computer.</li> <li>In the Network directory box, type the path of the application that you created in step 1.</li> <li>Click OK.</li></ol> </li> <li>Give the MyUser account Full access to the following folder:

%windir%\Microsoft.NET\Framework\ \Temporary ASP.NET Files

</li> <li>Create a new role on your computer, and then assign the MyUser user to this role. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, click Run, type lusrmgr.msc, and then click OK.</li> <li>Right-click Groups, and then click New Group.</li> <li>In the New Group dialog box, name the group MyRole, and then click Add.</li> <li>In the Enter the object names to select box, type MyUser, and then click Check Names.</li> <li>Click OK, and then click Create.</li> <li>Click Close.</li></ol> </li> <li>In a Web browser, open your ASPX page by passing the role in the query string. For example, open the following URL:

http:// /unc/page.aspx?role= \MyRole

</li> <li> When IIS runs the ASPX page, you receive the following output:

<pre class="fixed_text">User.Identity.Name = MyUser

Role = MyRole

User.IsInRole(role)=False

Note You expect to receive the following output:

<pre class="fixed_text">User.IsInRole(role)=True </li></ol>

Keywords: kbbug kbnofix kbsecurity kbiis kbaspnet KB894432

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.