I have an ASP.NET MVC 5 web application. It is hosted on IIS 8.5 on Windows Server 2012 R2 in an intranet environment. It usesWindows authentication and authorization.
There is a domain in the environment: MainDomain. In this domain there is an group of usersAppUsers (MainDomain\AppUsers), which is used to authorize users upon accessing the web application's resources.
The web application itself is being hosted under a child domain ChildDomain (ChildDomain.MainDomain).
I use role-based authorization in the code of my controllers. It looks like this:
[Authorize(Roles = @"MainDomain\AppUsers")]
public HomeController : Controller
{
// Action methods and other stuff...
}I've run into a problem: every request (to any action method of the controller above) from any user, which is definitely belongs toMainDomain\AppUsers become unauthorized.
When the host was in MainDomain everything worked fine. But after the host was moved toChildDomain (ChildDomain.MainDomain), the issue occured.
How to resolve that?