The only thing the documentation says about UserIsDomain is that:
Is domain user : Indicates if the user was imported from Active Directory.
We have a custom security handler that we use to actually import corporate users from a couple of different AD domains (into the same site), and we were setting UserIsDomain to true to separate those users from users that are allowed to log in without AD authentication. We also want to check some other information before forcing the AD login process, and thought we could use e.User just like we do when a non-UserIsDomain user logs in. However, as soon as that flag is set, e.User is always NULL when the user logs in.
I threw together a little test handler function that does ensure that, yes, the user exists in the database and their password matches the password they logged in with -- in the code below, for user's that have UserIsDomain == true, password1 and password2 always match.
private void Test_Authenticate_Execute(object sender, AuthenticationEventArgs e)
if (e.User == null)
UserInfo userExists = UserInfoProvider.GetUserInfo(e.UserName);
var password1 = userExists.GetValue("UserPassword").ToString();
e.User = UserInfoProvider.GetUserInfo(e.UserName);
var password2 = e.User.GetValue("UserPassword").ToString();
if (password1 != password2)
e.User = null;
If I go into the admin site and uncheck the user's "User is domain" box, and log back in with that user, then e.User in the code above is no longer null.
So, is this the desired functionality for the login process with user's marked "User is domain", or a bug? And if it is the desired functionality, you might want to add a note to that effect in the custom security handler section.