Asked by:
Windows authentication in ASP.NET MVC .NET 4.5.1 doesn't read new IsInRole value after add/remove user to/from Role with IE

Question
-
User1087118499 posted
Windows authentication in ASP.NET MVC .NET 4.5.1 doesn't read new IsInRole value after add/remove user to/from Role with IE
I work on ASP.NET MVC (.NET 4.5.1, C#) application that uses Windows authentication mode.
Everything works fine with one exception. After I add or remove User from Windows Group, client application still remember old values. Moreover, this affects only in Internet Explorer. When I use Firefox, it CAN read and display proper IsInRole in few seconds after Windows User was added / removed from Windows Group. Why IE can't read changed values?
I do not use Visual Studio built in IIS. Instead of this I use my local IIsI tried to use following code, but with no success:
1.
IPrincipal p = Thread.CurrentPrincipal;
p.IsInRole("my_gorup_name")2.
HttpContext.User.IsInRole("my_gorup_name")3.
System.Web.Security.Roles.IsUserInRole("my_gorup_name"),Part of my web.config:
<identity impersonate="false" /> <authentication mode="Windows" /> <authorization> <deny users="?" /> </authorization> <roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false"> <providers> <clear/> <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" /> </providers> </roleManager>
My development environment is Win 8.1, VS 2013, IIS
Monday, September 8, 2014 6:03 PM
All replies
-
User1779161005 posted
IIS caches the token values for 15 minutes IIRC. In other words, if you make a change in AD then your local IIS will need to have its cache expire or be purged (via a restart) for the updated values in AD to be seen.
Monday, September 8, 2014 8:36 PM -
User1087118499 posted
Thank you for your comment. Unfortunately, nothing happen after 15, 20 and even 30 minutes after I removed user from group.
Please consider, that under Firefox it works immediately.
Moreover, when i run application in debug mode with two browsers IE and FF with p.IsInRole("my_gorup_name") in the watch, a proper value is in FF session and invalid value is in IE session.
Any ideas?
Tuesday, September 9, 2014 7:31 AM -
User1779161005 posted
Ah, ok, if FF updates immediately but the others don't then it sounds as if the browser itself is doing the caching. So try starting a new browser.
Tuesday, September 9, 2014 9:36 AM -
User1087118499 posted
Nope ... it still doesn't read current values :(
Tuesday, September 9, 2014 10:49 AM -
User-1454326058 posted
Hi ItsMeMac,
Please use the developer tool to check whether that request status is not 304.
Best Regards
Starain Chen
Thursday, September 11, 2014 4:20 AM