Home/ Questions/Q 8901083
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T01:15:40+00:00

I have managed to get windows authentication working with a service call using this

  • 0

I have managed to get windows authentication working with a service call using this .config:

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

<configuration>

  <system.web>
    <compilation debug="true" targetFramework="4.0" />

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>

  </system.web>

  <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
  <system.serviceModel>

    <bindings>

      <wsHttpBinding>
        <binding name="Unsecured">
          <security mode="None"/>
        </binding>

        <binding name="Secured">
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </wsHttpBinding>

    </bindings>

    <services>
      <service behaviorConfiguration="ServiceBehaviour" name="WebApplication.SecureService">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="Secured" contract="WebApplication.ISecureService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehaviour">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Windows"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

</configuration>

In the service I’m able to see who is logged in using:

OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;

I’d like to check the user is a member of a particular role, so I have tried enabling the roleManager thusly:

   <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear/>
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>

Then checking the role using Roles

Roles.IsUserInRole(@"DOMANIN\Role");
or:
var id = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;
Roles.IsUserInRole(id.Name, @"DOMANIN\Role");

But both throw exception:

“Method is only supported if the user name parameter matches the user name in the current Windows Identity.”

Also if there is an attribute to check roles, that would be ideal as it would throw the right exception rather than me handling it myself.

Update

I just tried this:

if (Roles.RoleExists(@"DOMANIN\Role"))

and got a different exception:

“The configured Role Provider (WindowsTokenRoleProvider) relies upon Windows authentication to determine the groups that the user is allowed to be a member of. ASP.NET Role Manager cannot be used to manage Windows users and groups. Please use the SQLRoleProvider if you would like to support custom user/role assignment.” Which I will Google, just thought it might help anyone who’s looking at this for me.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    [PrincipalPermission(SecurityAction.Demand, Role = @"DOMAIN\Role")]
public string DoWork()
{
    //user is authenticated and in the role
}

    Still would be interested if any one can shed light on the exceptions.

    This works even with out the roleManager enabled so clearly a different mechanism at work.

    • 0