Windows authentication in ASP.NET MVC .NET 4.5.1 doesn't read new IsInRole value after add/remove user to/from Role with IE

  • Question

  • User1087118499 posted

    I work on an ASP.NET MVC (.NET 4.5.1, C#) application that uses Windows authentication mode.

    Everything works fine with one exception. After I add or remove a user from a Windows group, the client application still remembers the old values. Moreover, this happens only in Internet Explorer. When I use Firefox, it CAN read and display the proper IsInRole value a few seconds after the Windows user was added to / removed from the Windows group. Why can't IE read the changed values?

    I do not use the IIS built into Visual Studio. Instead, I use my local IIS.

    I tried to use the following code, but with no success:

    1.
    IPrincipal p = Thread.CurrentPrincipal;
    p.IsInRole("my_gorup_name");

    2.
    HttpContext.User.IsInRole("my_gorup_name");

    3.
    System.Web.Security.Roles.IsUserInRole("my_gorup_name");

    Part of my web.config:

    <identity impersonate="false" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
    <roleManager defaultProvider="WindowsProvider"
                 enabled="true"
                 cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="WindowsProvider"
             type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </roleManager>

    My development environment is Win 8.1, VS 2013, IIS 

    Monday, September 8, 2014 6:03 PM

All replies

  • User1779161005 posted

    IIS caches the token values for 15 minutes IIRC. In other words, if you make a change in AD then your local IIS will need to have its cache expire or be purged (via a restart) for the updated values in AD to be seen.

    Monday, September 8, 2014 8:36 PM
  • User1087118499 posted

    Thank you for your comment. Unfortunately, nothing happened 15, 20 and even 30 minutes after I removed the user from the group.

    Please consider that under Firefox it works immediately.

    Moreover, when I run the application in debug mode with two browsers, IE and FF, with p.IsInRole("my_gorup_name") in the watch, the proper value is in the FF session and an invalid value is in the IE session.

    Any ideas?

    Tuesday, September 9, 2014 7:31 AM
  • User1779161005 posted

    Ah, ok, if FF updates immediately but the others don't then it sounds as if the browser itself is doing the caching. So try starting a new browser.

    Tuesday, September 9, 2014 9:36 AM
  • User1087118499 posted

    Nope ... it still doesn't read current values :(

    Tuesday, September 9, 2014 10:49 AM
  • User-1454326058 posted

    Hi ItsMeMac,

    Please use the developer tools to check whether the request status is not 304.

    Best Regards

    Starain Chen

    Thursday, September 11, 2014 4:20 AM
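
A diagnostic for the IE-versus-Firefox comparison described in the thread, added here as an example and not part of any post above: it lists the groups carried in the Windows token behind the request next to the IsInRole result, so the two browser sessions can be compared on what the token itself contains. The class and method names (TokenGroupDump, GroupNames, Describe) are hypothetical; the role name is the one from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Text;

public static class TokenGroupDump
{
    // Group names carried in the token; SIDs that cannot be resolved stay as raw SIDs.
    public static List<string> GroupNames(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity.Groups == null) return names;
        foreach (IdentityReference sid in identity.Groups)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(sid.Value); }
        }
        names.Sort(StringComparer.OrdinalIgnoreCase);
        return names;
    }

    // Text report: who authenticated, by which scheme, the IsInRole result,
    // and every group in the token that the role check is evaluated against.
    public static string Describe(IPrincipal user, string role)
    {
        var identity = user.Identity as WindowsIdentity;
        if (identity == null)
            return "Not a Windows identity: " + user.Identity.GetType().Name;

        var sb = new StringBuilder();
        sb.AppendLine("User:     " + identity.Name);
        sb.AppendLine("Scheme:   " + identity.AuthenticationType);
        sb.AppendLine("IsInRole: " + role + " = " + user.IsInRole(role));
        sb.AppendLine("Groups in token:");
        foreach (string name in GroupNames(identity))
            sb.AppendLine("  " + name);
        return sb.ToString();
    }

    // Stand-alone run against the current process identity. In an MVC controller
    // the equivalent call is: return Content(TokenGroupDump.Describe(User, "my_gorup_name"), "text/plain");
    public static void Main()
    {
        var current = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        Console.WriteLine(Describe(current, "my_gorup_name"));
    }
}
```

Request the report from both browsers after changing the group membership and compare the "Groups in token" lists and the "Scheme" line between the two sessions.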