Re: ASP.NET - Basic/SSL - Changes in user group membership delayed

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 12/09/04 

Date: Thu, 9 Dec 2004 12:40:42 -0600

I actually wouldn't be surprised if the token on the server was getting
reused and that would be a good explanation for the problem. If the
kerberos ticket is cached on the server, it might not get refreshed right
away. I'm pretty sure the server isn't going to make a round trip to the
KDC for every single authentication. This is probably a better question for
the Windows server guys though to get the details of how the LSA is handling
this.

Joe K.

"Paul Clement" <UseAdddressAtEndofMessage@swspectrum.com> wrote in message
news:st2hr096dn2thquh0cnnspl7u3phc4ilqb@4ax.com...
> On Thu, 9 Dec 2004 09:27:02 -0800, Svante
> <Svante@discussions.microsoft.com> wrote:
>
> ¤ (snip)
> ¤ > What is the Application Protection for this application? Low (IIS),
> Medium (Pooled) or High
> ¤ > (Isolated)?
> ¤ (snip)
> ¤ Medium. I thought you said that it could not possibly have to do with
> ¤ thread/token re-use by the ASP.NET worker process... ;-)
> ¤
>
> I don't believe that it does, but lacking another explanation as to why
> declarative security isn't
> working as expected, it certainly doesn't hurt to consider that the web
> server, for some reason
> unknown to me, is caching credentials.
>
> Have you verified that impersonation is working properly. I'm assuming
> that you're impersonating the
> user authenticated via the browser and not an account specified in the
> web.config file?
>
>
> Paul ~~~ pclement@ameritech.net
> Microsoft MVP (Visual Basic)

Relevant Pages

  • CoImpersonateClient - Cross Domain Problem
    ... seems to suffer permission problems when a file or directory is accessed. ... For this explanation, assume that the downstream processing is just trying ... There is a bit of code on an application server running on a domain, ... of the NT service (under a user account instead of the system account). ...
    (microsoft.public.win2000.security)
  • Re: New to linux but going to try it
    ... you don't have to have such attitude. ... You asked for an explanation of my partitioning, ... server files in one place and other server files in another. ...
    (alt.linux)
  • Re: How to send email directly from my PC?
    ... I don't think you are understanding how SMTP works. ... outgoing SMTP server, ... When you toss in words like "relaying" it may sound to you like you ... Thanks a lot for your explanation!! ...
    (comp.mail.misc)
  • Re: position of a new DC
    ... users access to the server itself. ... file server, unless it is also a terminal server. ... To those who believe, no explanation is necessary. ... server or an exchange server. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ASP.Net form not posting!
    ... simply trying to show the hierarchy of everything in my explanation. ... Your statement of a form posting or not relating to the server is not ...
    (microsoft.public.dotnet.framework.aspnet)