Article ID: 894432 - Last Review: April 22, 2005 - Revision: 1.3
BUG: You receive a "False" value when you call the User.IsInRole method in an ASP.NET application even though the user is assigned to the role
When you call the
User.IsInRole method in a Microsoft ASP.NET application, you receive a
False value from the method. This behavior occurs even though the user may be assigned to the role.
Note This issue occurs when the ASP.NET application is mapped to a Uniform Naming Convention (UNC) share.
To work around this issue, use one of the following methods:
Do not map the ASP.NET application to a UNC share. Run the iisreset command after you add a user to a role but before you request an ASPX Web page.
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
Steps to reproduce the issue Create a Microsoft Internet Information Services (IIS) application that is named Unc. To do this, follow these steps:Click Start , click Run , type inetmgr.exe , and then click OK . Expand ServerName Right-click Web Sites , and then click New . Name the site Unc, and then click OK . Right-click Unc . In the Properties dialog box, click the Directory security tab. Under Anonymous access and authentication control , click Edit . Verify that the Anonymous access check box is selected. Click to select the Integrated Windows authentication check box. In the application folder, create an ASPX file that contains the following code example.<%@page language="cs"%>
User.Identity.Name=<%=User.Identity.Name%><br>
role=<%=Request.QueryString["role"]%><br>
User.IsInRole(role)=<% = User.IsInRole(Request.QueryString["role"])%><br> Create a share that is mapped to this physical folder. Create the local user who is named MyUser. To do this, follow these steps:Click Start , click Run , type lusrmgr.msc , and then click OK . Right-click Users , and then click New User . Name the new user MyUser, and then click Create . Map the IIS application to the share that you created in step 8, and then connect to the share by using the MyUser account.Note Make sure that the MyUser account has Read user rights on the physical folder on the share. Click Start , click Run , type inetmgr.exe , and then click OK . Expand ServerName Web Sites . Right-click your Web site, and then click Properties . Click the Home Directory tab. Click A share located on another computer . In the Network directory box, type the path of the application that you created in step 1. Click OK . Give the MyUser account Full access to the following folder:%windir%\Microsoft.NET\Framework\FrameworkBuild \Temporary ASP.NET Files
Create a new role on your computer, and then assign the MyUser user to this role. To do this, follow these steps:Click Start , click Run , type lusrmgr.msc , and then click OK . Right-click Groups , and then click New Group . In the New Group dialog box, name the group MyRole, and then click Add . In the Enter the object names to select box, type MyUser , and then click Check Names . Click OK , and then click Create . Click Close . In a Web browser, open your ASPX page by passing the role in the query string. For example, open the following URL:http://YourServerName /unc/page.aspx?role=YourServerName \MyRole
When IIS runs the ASPX page, you receive the following output:User.Identity.Name = MyUserRole = MyRoleUser.IsInRole(role)=False Note You expect to receive the following output: APPLIES TO Microsoft ASP.NET 1.1 Microsoft ASP.NET 1.0 kbiis kbsecurity kbaspnet kbnofix kbbug KB894432
Provide feedback on this information
Did this information solve your problem?
Was this information relevant?
What can we do to improve this information?
To protect your privacy, do not include contact information in your feedback.
Thank you! Your feedback is used to help us improve our support content. For more assistance options, please visit the
Help and Support Home Page .
Back to the top
