I have an ASP.NET MVC 5 web application. It is hosted on IIS 8.5 on Windows Server 2012 R2 in a Windows Intranet environment. The web application leverages Integrated Windows Authentication and Authorization (all other authentication features are disabled).

There is a Windows Domain in the environment named MainDomain. In this domain there is an Active Directory group of users, AppUsers (MainDomain\AppUsers), which is used to authorize users upon accessing the web application's resources.

The web application itself is being hosted under a child domain ChildDomain (ChildDomain.MainDomain).

Role-based authorization is used in the code of the controllers. It looks like this:

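using System.Web.Mvc;

// Only members of MainDomain\AppUsers may reach any action of this controller.
[Authorize(Roles = @"MainDomain\AppUsers")]
public class HomeController : Controller
{
    // Action methods and other stuff...
}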

I've run into a problem: any request (to any action method of the controller above) from any user who definitely belongs to MainDomain\AppUsers becomes unauthorized.

When the host was in MainDomain everything worked fine. But after the host was moved to ChildDomain (ChildDomain.MainDomain), the issue occurred.

How can I resolve that?

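An added diagnostic, not part of the original question: `[Authorize(Roles = ...)]` ends up calling `User.IsInRole`, which for a Windows principal is evaluated against the group SIDs in the caller's access token as built on the hosting server. The hypothetical controller below (`WhoAmIController` and its route are assumptions) lists those groups from the host's point of view so they can be compared with the expected `MainDomain\AppUsers` membership.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web.Mvc;

// Hypothetical diagnostic controller (name and route are assumptions).
// Remove it after troubleshooting: it exposes the caller's group membership.
[Authorize] // any authenticated Windows user, no role requirement
public class WhoAmIController : Controller
{
    // Role name taken from the question.
    private const string RoleUnderTest = @"MainDomain\AppUsers";

    public ActionResult Index()
    {
        var identity = User.Identity as WindowsIdentity;
        if (identity == null)
            return Content("Not a Windows identity: " + User.Identity.GetType().FullName, "text/plain");

        var sb = new StringBuilder();
        sb.AppendLine("User: " + identity.Name);
        sb.AppendLine("AuthenticationType: " + identity.AuthenticationType);
        sb.AppendLine("IsInRole(" + RoleUnderTest + "): " + SafeIsInRole(RoleUnderTest));
        sb.AppendLine("Groups in token (SID, resolved name):");

        // Groups holds the SIDs present in the token on this server.
        foreach (IdentityReference sid in identity.Groups ?? new IdentityReferenceCollection())
        {
            string name;
            try { name = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = "(unresolved)"; }
            catch (SystemException) { name = "(lookup failed)"; }
            sb.AppendLine("  " + sid.Value + "  " + name);
        }
        return Content(sb.ToString(), "text/plain");
    }

    // Same check the Authorize attribute performs, with lookup errors reported instead of thrown.
    private string SafeIsInRole(string role)
    {
        try { return User.IsInRole(role).ToString(); }
        catch (SystemException ex) { return "error: " + ex.GetType().Name; }
    }
}
```

If the SID of `MainDomain\AppUsers` is missing from the list, the attribute is denying access because the group is not in the token on this host, not because of the role string in the code.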