
"Trust relationship between ... and the primary domain failed" in MVC5 Authentication

I have an ASP .NET MVC5 application in which I am not using Windows Authentication.

Everything was working fine until I tried running the application outside of the Domain in which it was being developed and (for whatever reason) got a:

The trust relationship between this workstation and the primary domain failed. 

when I'm trying to do User.IsInRole("Admin").

I am using custom Identity, Role, IdentityStore, RoleStore, etc. from .NET's Identity and I can see that the User and Role data is being retrieved from the (MongoDB) database correctly.

There are plenty of questions regarding this issue, but they're from people who want to use Windows Auth. and impersonation in their MVC applications:

  • With windows authentication, The trust relationship between the primary domain and the trusted domain failed, when calling IsInRole

  • How to configure Windows Authentication / Impersonation + IIS 7 + MVC

  • The trust relationship between the primary domain and the trusted domain failed

  • My.User.IsInRole("Role Name") throws a Trust Relationship error on Windows 7

So why exactly am I getting this SystemException if I'm not using Active Directory and (as far as I know) not doing anything that might depend on the PC's domain? Am I missing some configuration (either in my Web.config or IIS Express)?

EDIT:

Ok, so narrowing it down a bit...

My User.IsInRole("Admin") line is inside an if() statement in my _Layout.cshtml View (i.e., to know what to show in the nav. bar depending on the role).

I now know I only get the error above when no user is authenticated and I'm not in the domain I used for dev. If I place a breakpoint on that line, I can see that the User object is a System.Security.Principal.WindowsIdentity and its underlying Identity is System.Security.Principal.WindowsIdentity.

On the other hand, if the user is authenticated, then the User object and its Identity are System.Security.Claims.ClaimsPrincipal and System.Security.Claims.ClaimsIdentity.

Why is it using Windows Identity at all (when unauthenticated) and how can I disable it?

user1987392 asked Mar 31 '14 15:03



2 Answers

So, based on my EDIT, I've modified my _Layout.cshtml so that instead of having

@if(User.IsInRole("Admin"))  {...} 

I have

@if(User.Identity.IsAuthenticated && User.IsInRole("Admin")) {...} 

which seems to solve the problem.

I believe the problem was that ASP .NET Identity uses an empty WindowsIdentity when no user is authenticated and when I try to check for the User.IsInRole, then it will try to check the roles of a WindowsIdentity against an Active Directory that I don't have. Obviously I should first check if the user is even logged in before attempting to check its roles, so mea culpa.

But, even though the change above seems to fix my code, I'd be very interested in knowing more about this behavior: why is it using an empty System.Security.Principal.WindowsIdentity when no user is authenticated. I'll accept any answer which explains that.

user1987392 answered Sep 28 '22 01:09
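
The guard from the answer above, factored into a reusable helper so that no view or controller can reach IsInRole with an unauthenticated principal. This is an added example, not code from the original posts; the names PrincipalRoleExtensions and IsInRoleSafe are hypothetical, the sample principals are constructed, and WindowsIdentity.GetAnonymous() requires Windows.

```csharp
using System;
using System.Security.Claims;
using System.Security.Principal;

// Hypothetical helper (the names are assumptions, not part of ASP.NET Identity).
public static class PrincipalRoleExtensions
{
    // Returns false for a missing or unauthenticated principal without ever
    // calling IsInRole, so an anonymous WindowsPrincipal never triggers a
    // role lookup against the machine's domain.
    public static bool IsInRoleSafe(this IPrincipal user, string role)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        return user.IsInRole(role);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: a signed-in user carrying an "Admin" role claim,
        // the ClaimsPrincipal shape the question saw for authenticated requests.
        var signedIn = new ClaimsPrincipal(new ClaimsIdentity(
            new[]
            {
                new Claim(ClaimTypes.Name, "alice"),
                new Claim(ClaimTypes.Role, "Admin")
            },
            "ApplicationCookie"));

        // Constructed sample: an anonymous Windows principal, the shape the
        // question saw for unauthenticated requests.
        IPrincipal anonymous = new WindowsPrincipal(WindowsIdentity.GetAnonymous());

        Console.WriteLine(signedIn.IsInRoleSafe("Admin"));    // role claim present
        Console.WriteLine(signedIn.IsInRoleSafe("Auditor"));  // role claim absent
        Console.WriteLine(anonymous.IsInRoleSafe("Admin"));   // short-circuits before IsInRole
        Console.WriteLine(((IPrincipal)null).IsInRoleSafe("Admin"));
    }
}
```

In _Layout.cshtml the check then reads @if (User.IsInRoleSafe("Admin")) {...}.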


I've had this issue - It failed for me if I tested an active directory group that didn't exist.

Make sure you're using a group that exists!

David McEleney answered Sep 28 '22 01:09