Switch AD from mixed mode to native mode

Tags: active-directory, .net

My network administrator would like to switch Active Directory from mixed mode to native mode and has asked me if that would affect our primary Windows Form application. The application accesses AD through the .NET security principal API:

using System.Security.Principal;

var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

and then tests principal.IsInRole to determine the user's role. I'm almost 100% sure the change to native mode wouldn't affect this app, but it's not something we can test, and from what I've read it's not possible to switch it back to mixed mode should something go awry.

I'd like some reassurance so that I can give him the go-ahead to make the switch.

Best Answer

I can't give you a straight answer - I'm a newcomer to .NET stuff ATM. I'm sorry I can't do more.

However, I can tell you this - the switch to native mode eliminates compatibility support for prior versions of AD authentication. So, if you're going from NT4 to 2000 (the first generation of this type of issue) and your authentication is not based on 2000 AD, then yes, it would break. I suspect you're probably on 2003 or 2008, and 2003's native mode is yet another step up from 2000 (a.k.a. mixed mode is 2000+2003 support but no NT4 support), so the move to native would be all-2003 authentication, am I right? And there lies the rub - if your application is authenticating against a 2003 server properly, you're probably fine.

Expensive proposition: use two virtual machines, one running 2003 and the other a client OS with your app, and authenticate. Make sure that 2003 is running in full native mode. That should answer your question definitively.
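The two-VM test the answer proposes needs something to run on the client side. The console program below is an added example written for this page, not code from the question or the answer. It performs the same WindowsPrincipal.IsInRole check the question describes and also dumps the group SIDs carried in the logon token, so the output can be saved before and after the domain is switched to native mode and compared. The role names in RolesToCheck are placeholders; substitute the groups the real application tests.

```csharp
using System;
using System.Security.Principal;

class RoleCheck
{
    // Placeholder group names; replace with the groups the application actually checks.
    static readonly string[] RolesToCheck =
    {
        @"EXAMPLEDOMAIN\App Users",
        @"EXAMPLEDOMAIN\App Admins",
    };

    static void Main()
    {
        // Same call the application makes: wrap the current logon token in a principal.
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        var principal = new WindowsPrincipal(identity);

        Console.WriteLine("User:                {0}", identity.Name);
        Console.WriteLine("Authentication type: {0}", identity.AuthenticationType);
        Console.WriteLine("Built-in Admin:      {0}",
            principal.IsInRole(WindowsBuiltInRole.Administrator));
        Console.WriteLine();

        // The checks the application depends on; these are what must still
        // return the expected values after the functional level is raised.
        Console.WriteLine("Role checks:");
        foreach (string role in RolesToCheck)
        {
            Console.WriteLine("  {0,-40} {1}", role, principal.IsInRole(role));
        }
        Console.WriteLine();

        // Group SIDs from the token. IsInRole(string) is evaluated against this
        // list, so a diff of this section before and after the switch shows
        // exactly which memberships, if any, changed.
        Console.WriteLine("Token groups:");
        foreach (IdentityReference group in identity.Groups)
        {
            string name;
            try
            {
                name = group.Translate(typeof(NTAccount)).Value;
            }
            catch (IdentityNotMappedException)
            {
                // SID with no resolvable account (e.g. a deleted group)
                name = "<unresolved>";
            }
            Console.WriteLine("  {0,-45} {1}", group.Value, name);
        }
    }
}
```

Run it as the test user on the client VM, redirect the output to a file, raise the test domain to native mode, and run it again; identical role-check results and an unchanged group list are the concrete evidence the question is asking for.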