其实很简单的问题：

我现在有IIS匿名访问禁​​用，用户将自动登录使用他们的Windows登录。然而调用User.IsInRole（角色名称）返回false。我双重检查User.Identity.Name（）和角色名，它应该返回true。

目前，我有这个在我的web.config：

更新的 我打电话User.IsInRole（角色名），我应该叫User.IsInRole（域\角色名称）

但是我还是想知道如果＆lt;会员＆GT;项需要在所有？

我应该怎么改？ （，是的＆lt;会员＆GT;需要在所有条目的）

 ＆LT;身份验证模式=窗口＆GT;
      ＆LT;形式
      NAME =。ADAuthCookie
      超时=10/＆GT;
  ＆LT; /认证＆GT;


＆LT;会员defaultProvider =ADMembershipProvider＆GT;
  ＆LT;供应商＆GT;
    ＆LT;清/＆GT;
      ＆LT;添加
         NAME =ADMembershipProvider
         TYPE =System.Web.Security.ActiveDirectoryMembershipProvider，System.Web程序，版本= 2.0.0.0，文化=中性公钥= b03f5f7f11d50a3a
         的connectionStringName =ADConnectionString
         connectionUsername =XXX \ specialAdUser
         connectionPassword =XX
         /＆GT;
  ＆LT; /供应商＆GT;
＆LT; /会员＆GT;

＆LT; roleManager启用=真正的defaultProvider =WindowsProvider＆GT;
  ＆LT;供应商＆GT;
    ＆LT;清/＆GT;
      ＆LT;添加名称=WindowsProviderTYPE =System.Web.Security.WindowsTokenRoleProvider/＆GT;
  ＆LT; /供应商＆GT;
＆LT; / roleManager＆GT;
 

解决方案

如果您使用Windows身份验证IsInRole将没有额外的配置工作，只要你还记得preFIX与域的角色，即域\组

另外，你可以作用（双关语意），你自己的，并使用Windows身份验证反对，例如SQL角色提供，你不希望自己的广告充斥着你的应用程序自定义角色。

所以，不，你并不需要在所有的供应商配置。

Very simple question actually:

I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.

I currently have this in my Web.Config:

UPDATE I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name")

However I still like to know if the <membership> entry is needed at all?

What should I change? (and is the <membership> entry needed at all?)

  <authentication mode="Windows">
      <forms
      name=".ADAuthCookie"
      timeout="10" />
  </authentication>


<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear/>
      <add
         name="ADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         connectionUsername="XXX\specialAdUser"
         connectionPassword="xx"
         />
  </providers>
</membership>

<roleManager enabled="true" defaultProvider="WindowsProvider">
  <providers>
    <clear />
      <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" />
  </providers>
</roleManager>

If you use Windows authentication IsInRole will work with no extra configuration, as long as you remember to prefix the role with the domain, i.e. DOMAIN\groupName.

In addition you can role (pun intended) your own and use Windows auth against, for example, a SQL Role Provider, where you don't want your AD littered with custom roles for your application.

So no, you don't need the provider configuration at all.