ASP.NET - Basic/SSL - Changes in user group membership delayed

From: Svante (
Date: 12/08/04

  • Next message: Ollie: "Re: using <location> with <authorization>"
    Date: Wed, 8 Dec 2004 01:53:02 -0800

    Background: An ASP.NET application, using Basic/SSL authentication with users
    residing in an Active Directory in the same domain as the web server, pages
    and resources protected with NTFS ACL's and ASP.NET configured for
    impersonation works fine.

    Observation: But, it appears that the ASP.NET worker process, once it has
    impersonated a user, will re-use that same user token when when the same user
    is re-authenticated after having started a new browser.

    The problem, as it appears: A user is given changed permissions by an
    administrator by changing group memberships in Active Directory. This change
    has no effect in the ASP.NET application until IIS is restarted (or possibly
    ASP.NET worker process dies out of boredom by itself).

    The question: How to make user group memberships changes effective, at least
    after the user has restarted a browser?


  • Next message: Ollie: "Re: using <location> with <authorization>"

    Relevant Pages

    • Re: Automatically adding www
      ... The browser itself will do this by typing mydomain then ... Since the record for must resolve to Domain Controllers in an ... Active Directory environment there is another work around. ... will work just fine if you use a host header, ...
    • Re: Forms Authentication non-persistent cookie not expiring after closing the browser
      ... If you authenticate against the Active Directory, why not host your solution under intergrated security? ... I use non-persistent cookie so ... that the user is NOT remembered across browser sessions. ...
    • Re: AD <-> SQL Hirearchies Nodes
      ... As part of our migration to Active Directory Win 2003, ... intelligence location hierarchy. ... and then load it into SQL Server. ... AD groups then you could arrange your security on group memberships. ...
    • Re: Can i browse active directory without being Administrator?
      ... You can browse Active directory with a regular user, ... browser which you can use to browse active directory 'active directory ... center and at the bottom there is free browser download ...
    • Re: How read from Active Directory?
      ... Active Directory does not offer that information - it's merely a ... repository of STATIC information about users, their group memberships ...