Upgraded application using IsInRole(), now only returns false (vb.net)
Read to the end before making code changes as there is a more obvious thing to check!
To support TLS1.2 for PCI requirements I was upgrading one of the applications to 4.6.1, after deployment behaviour controlled by our active directory groups was broken. It was like no one was a member of any AD groups anymore. First I thought it must be a coincidental screw up by someone in AD. It turns out it was something else…
The following code is used to check against a list of security groups to see if the current user belongs to any of them.
Public Shared Function IsInAdSecurityRole(RoleName() As String) As Boolean Dim aName As String = Principal.WindowsIdentity.GetCurrent.Name Dim aDomain As String = aName.Substring(0, aName.IndexOf("\\") + 1) AppDomain.CurrentDomain.SetPrincipalPolicy( Principal.PrincipalPolicy.WindowsPrincipal) For index = 0 To RoleName.Count - 1 If Thread.CurrentPrincipal.IsInRole(aDomain & RoleName(index)) Then Return True End If Next Return False End Function
The code is ancient, has been in our applications for a very long time but on upgrading to .NET framework 4.6.1 it returns false for all roles. Checked casing and ran in debug inspection and yet failed to see why it stopped behaving as it always had before.
Unable to figure out what had happened and with a need to get systems running again I imported the namespace
then using the following method all seems well again.
Public Shared Function IsInAdSecurityRole(RoleName() As String) As Boolean Dim currPrincipal As New WindowsPrincipal(New WindowsIdentity(Environment.UserName)) For index = 0 To RoleName.Count - 1 If currPrincipal.IsInRole(RoleName(index)) Then Return True End If Next Return False End Function
I used this reference:
Authentication mode in project settings Application-defined vs Windows
VB.NET has a setting in the project to say you wish to use application provided authentication method or use the default windows one. This was something that I had totally forgotten existed. It looks like the Authentication mode of the project got changed during the migration. Check the properties of the project, Authentication mode, see if changing it from Application-defined to Windows helps, it did in my case, bringing behaviour back to that which is expected.
Change the drop down combo box to “Windows”