ASP.NET MVC 3 Razor - Windows Authentication Failing Every Request

I've been fighting this issue for far to long. Basically, I'm building a corporate intranet site (first one in MVC 3) and I cannot get any authorization checks to function. Even the basic "Intranet" project type fails to work. Interestingly, the "Welcome domain\username" works fine so I know that it is getting partial AD info.

Here is my process for the most basic setup that is failing:

Login as domain user on a Windows 7 development workstation

Using VS2010 fully patched -> Create New Project -> ASP.NET MVC 3 -> Intranet Application

Right Click Project -> Use IIS Express

Properties of Project -> Disable Anonymous Access, Enable Windows Authentication

Modify web.config to add:

<add key="autoFormsAuthentication" value="false" />

Verify web.config contains:

<authentication mode="Windows" />

<authorization>
  <deny users="?" />
</authorization>

Modify default HomeController where Group1 and Group2 are verified and working groups in othe开发者_如何学Pythonr applications:

HomeController

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace MVC3AuthTest001.Controllers
{
    public class HomeController : Controller
    {
        public ActionResult Index()
        {

            Boolean isAdmin01 = User.IsInRole("Group1");
            Boolean isAdmin02 = User.IsInRole("Group2");

            ViewBag.Message = "Welcome to ASP.NET MVC!" + " Admin: " + isAdmin01 + " EACAdmin: " + isAdmin02;

            return View();
        }

     }
 }

Run the code and the following is displayed:

Welcome to ASP.NET MVC! Group1: False Group2: False

Both should be true since I am member of both groups.

In addition all

[Authorize(Roles = @"Group1")]

Verifications fail in the main application resulting in empty screens.

I would normally assume a network issue, but the same code running in an MVC 2 application works exactly as expected with the groups.

Deploying the application to our development server (production configuration, IIS 7 on Win2008 Server) also fails to work as expected.

I'm at wit's end...

Is there some step that I'm missing?

I would first take a look at the following: what does Roles.GetRolesForUser() return? This should be Group1 and Group2 but is probably something else.

Second, you may want to check that you actually see a WindowsIdentity as the authenticated identity. Check that Thread.CurrentPrincipal.Identity is a WindowsIdentity and not something else.