ASP.NET - Basic/SSL - Changes in user group membership delayed
From: Svante (Svante_at_discussions.microsoft.com)
Date: Wed, 8 Dec 2004 01:53:02 -0800
Background: An ASP.NET application, using Basic/SSL authentication with users
residing in an Active Directory in the same domain as the web server, pages
and resources protected with NTFS ACL's and ASP.NET configured for
impersonation works fine.
Observation: But, it appears that the ASP.NET worker process, once it has
impersonated a user, will re-use that same user token when when the same user
is re-authenticated after having started a new browser.
The problem, as it appears: A user is given changed permissions by an
administrator by changing group memberships in Active Directory. This change
has no effect in the ASP.NET application until IIS is restarted (or possibly
ASP.NET worker process dies out of boredom by itself).
The question: How to make user group memberships changes effective, at least
after the user has restarted a browser?