We have a web site which is configured for Windows authentication. Only users in a certain Active Directory group are allowed to access this web site. These authenticated users also belong to certain roles. These roles are stored in a SQL table and I have created a custom role provider to access the roles. Based on roles we allow users to access certain functionality of the web site.
For example, the Active Directory group is “domain\IT” and the roles are “developer, qa, ba, analyst”. Below is my current configuration:
<system.web>
  <httpRuntime targetFramework="4.5.1" maxRequestLength="1024" />
  <authentication mode="Windows" />
  <authorization>
    <allow roles="domain\IT" />
    <deny users="*" />
  </authorization>
  <roleManager defaultProvider="MySqlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="Encryption">
    <providers>
      <add name="MySqlRoleProvider " type="MyProviders.MySqlRoleProvider,MyProviders" connectionStringName="MyConnectionStringName" applicationName="MyApp" />
    </providers>
  </roleManager>
</system.web>
On application startup, MySqlRoleProvider.GetRolesForUser() gets invoked by the .NET framework and it tries to see if the user is in “domain\IT”. However, “domain\IT” is not a role, it’s an Active Directory group. So the framework denies the access and I get the Windows login prompt again (and it keeps asking for credentials because it goes through the same cycle).
So I'm not sure how I can tell the framework not to invoke the custom role provider when it's looking to see if the user is in the Active Directory group.
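
An added example, not part of the original post: one way a custom role provider could report the user's Windows groups next to its SQL roles, so that a role check for a group name such as “domain\IT” is not answered from the SQL table alone. WindowsGroupRoles, GroupNames, Merge and Demo are hypothetical names; it assumes the provider can obtain the request's WindowsIdentity (for example from HttpContext.Current.User.Identity) and would return Merge(...) from GetRolesForUser().

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical helper (not from the post): a custom provider's GetRolesForUser()
// could return Merge(sqlRoles, identity) instead of the SQL roles alone.
public static class WindowsGroupRoles
{
    // Account names (DOMAIN\Group) of the groups in the authenticated user's token.
    public static IEnumerable<string> GroupNames(WindowsIdentity identity)
    {
        if (identity == null || identity.Groups == null)
            yield break;

        foreach (IdentityReference sid in identity.Groups)
        {
            string name = null;
            try { name = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { /* SID has no resolvable name: skip it */ }

            if (name != null)
                yield return name;
        }
    }

    // Union of application roles and Windows groups, de-duplicated without regard to case.
    public static string[] Merge(IEnumerable<string> sqlRoles, WindowsIdentity identity)
    {
        var roles = new HashSet<string>(sqlRoles ?? Enumerable.Empty<string>(),
                                        StringComparer.OrdinalIgnoreCase);
        roles.UnionWith(GroupNames(identity));
        return roles.ToArray();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: two of the SQL roles named in the post, merged with
        // the groups of the account running this process.
        var sqlRoles = new[] { "developer", "qa" };
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            Console.WriteLine(string.Join(Environment.NewLine, WindowsGroupRoles.Merge(sqlRoles, id)));
    }
}
```

With cacheRolesInCookie="true" as in the configuration above, the merged list is cached in the .ASPROLES cookie, so a change in group membership is only seen once that cookie is refreshed.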