Is there some setting or permission in IIS 7/Win Server 2008 that would cause WindowsPrincipal.IsInRole to always return false, when the same code running in IIS 6/Win Server 2003 works? Here's how I'm calling the method:
IPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
bool isInRole = principal.IsInRole("DOMAIN\Group"); // Always false in Win 2K8
The web application is running with Integrated Windows Authentication on both servers. Also, the Win 2008 server is in a different sub-domain than the Win 2003 server. The groups that I'm checking against are in the same sub-domain as the Win 2003 server.
I can provide more details if necessary, but I'm not sure which ones are relevant and which would be noise.
Check on the Domain Controller if 'DOMAIN\Group' is the full name of the group. It must be the Group name (pre Windows2000).