.NET and Windows Auth: “The trust relationship between this workstation and the primary domain failed.”

So you inherit a legacy project that uses windows authentication, and you’re trying to use the “User.IsInRole(string s)” method to determine a user’s role and you keep getting a “SystemException” with message: “The trust relationship between this workstation and the primary domain failed.”

This seems to be a pretty common problem judging the amount of articles on the web discussing this “SystemException”. Below you will find the steps that I had to take to resolve my issue. Remember, there are a ton of different issues that could be the cause; my steps may or may not work for you depending on what your actual issue is.

Project’s Web.config with SystemException being thrown:

 <system.web>
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>
    <authentication mode="Windows" />
    <authorization>
      <allow verbs="OPTIONS" users="*" />
      <deny users="?" />
    </authorization>
    <compilation debug="true" targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2" />
  </system.web>

Project’s Web.config after role manager fix that solves SystemException issue:

<system.web>
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>
    <authentication mode="Windows" />
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <authorization>
      <allow verbs="OPTIONS" users="*" />
      <deny users="?" />
    </authorization>
    <compilation debug="true" targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2" />
  </system.web>

As you can see, the “roleManager” tag was missing in the Web.config.

Go ahead and try to see if that resolves your issue.

Leave a Reply

Your email address will not be published.