ASP.NET - Basic/SSL - Changes in user group membership delayed

From: Svante (Svante_at_discussions.microsoft.com)
Date: 12/08/04

  • Next message: Ollie: "Re: using <location> with <authorization>"
    Date: Wed, 8 Dec 2004 01:53:02 -0800
    
    

    Background: An ASP.NET application, using Basic/SSL authentication with users
    residing in an Active Directory in the same domain as the web server, pages
    and resources protected with NTFS ACL's and ASP.NET configured for
    impersonation works fine.

    Observation: But, it appears that the ASP.NET worker process, once it has
    impersonated a user, will re-use that same user token when when the same user
    is re-authenticated after having started a new browser.

    The problem, as it appears: A user is given changed permissions by an
    administrator by changing group memberships in Active Directory. This change
    has no effect in the ASP.NET application until IIS is restarted (or possibly
    ASP.NET worker process dies out of boredom by itself).

    The question: How to make user group memberships changes effective, at least
    after the user has restarted a browser?

    Svante


  • Next message: Ollie: "Re: using <location> with <authorization>"