Thursday, February 24, 2011

Windows authentication for an NT group

Recently I implemented an authentication system where the logged-in user has to be part of the company domain (handled by IIS) and must also belong to an app-specific NT group. The code used was simple:

using System.Security.Principal;

// currentContext is the HttpContext of the request; userGroup is the app-specific NT group
string userGroup = "DOMAIN\\AppUsers"; // placeholder group name
string groupName;
bool userIsInGroup = false;
foreach (IdentityReference group in currentContext.Request.LogonUserIdentity.Groups)
{
    // Translate each group SID to its DOMAIN\Name form before comparing
    groupName = group.Translate(typeof(NTAccount)).ToString();
    if (groupName.Equals(userGroup, StringComparison.InvariantCultureIgnoreCase))
    {
        userIsInGroup = true;
        break;
    }
}
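The same check, written as a reusable helper (an added example, not the code from the original post). It logs the identity the request actually authenticated as, which is the detail that exposes the cached-credential problem described below, and it skips group SIDs that no longer map to an account instead of letting the whole check throw. The class name, the "DOMAIN\\AppUsers" group and the "~/AccessDenied.aspx" path are assumptions; the ASP.NET and System.Security.Principal APIs are real.

```csharp
// Added example: NT group membership check for an ASP.NET request
// authenticated by IIS Windows authentication. Not from the original post.
using System;
using System.Security.Principal;
using System.Web;

public static class NtGroupAuthorization
{
    // Returns true when `identity` (the request's logon identity) is a member of
    // `groupName`, given in DOMAIN\Name form. `log` receives diagnostic messages.
    public static bool IsMemberOf(WindowsIdentity identity, string groupName, Action<string> log)
    {
        if (identity == null || !identity.IsAuthenticated)
        {
            log("Request is not authenticated; denying.");
            return false;
        }

        // Record which account the request arrived as. If a workstation has cached
        // credentials for this server, this name will not be the user you expect.
        log("Request authenticated as: " + identity.Name);

        foreach (IdentityReference sid in identity.Groups)
        {
            string name;
            try
            {
                // Resolve the SID to DOMAIN\Name so it can be compared with groupName
                name = sid.Translate(typeof(NTAccount)).Value;
            }
            catch (IdentityNotMappedException)
            {
                // Orphaned SID (deleted group or unreachable domain): skip it rather
                // than failing the entire authorization check.
                continue;
            }

            // Account names are not culture-sensitive, so ordinal comparison is enough
            if (string.Equals(name, groupName, StringComparison.OrdinalIgnoreCase))
                return true;
        }

        log("Identity " + identity.Name + " is not a member of " + groupName + "; denying.");
        return false;
    }

    // Example caller for a page or HttpModule. The group name and redirect target
    // are placeholders for this example.
    public static void Enforce(HttpContext context)
    {
        const string requiredGroup = "DOMAIN\\AppUsers";
        WindowsIdentity identity = context.Request.LogonUserIdentity;

        if (!IsMemberOf(identity, requiredGroup, msg => context.Trace.Warn("auth", msg)))
        {
            context.Response.Redirect("~/AccessDenied.aspx");
        }
    }
}
```

`new WindowsPrincipal(identity).IsInRole("DOMAIN\\AppUsers")` performs the same membership test without the per-group translation loop; the explicit loop above is kept because it lets you log what was compared when the check unexpectedly fails, as it did on the QA server.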

It worked fine on the development machine, but on the QA server it would redirect me to the access denied page.

After logging the current context user in the app (during the security check) I found the web app was running under the admin account, and the admin account was not part of my app NT group. This was happening because Windows Explorer had cached the admin account credentials that I use for copying the published files to the server.

To clear the cache, I had to run the following from a command prompt:
rundll32.exe keymgr.dll, KRShowKeyMgr
This brings up a UI listing all the server names for which Windows Explorer has cached credentials. Select the server and click "Remove", and that should do the trick.
