locked
Windows authentication in ASP.NET MVC .NET 4.5.1 doesn't read new IsInRole value after add/remove user to/from Role with IE RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User1087118499 posted

    Windows authentication in ASP.NET MVC .NET 4.5.1 doesn't read new IsInRole value after add/remove user to/from Role with IE

    I work on ASP.NET MVC (.NET 4.5.1, C#) application that uses Windows authentication mode.

    Everything works fine with one exception. After I add or remove User from Windows Group, client application still remember old values. Moreover, this affects only in Internet Explorer. When I use Firefox, it CAN read and display proper IsInRole in few seconds after Windows User was added / removed from Windows Group. Why IE can't read changed values?

    I do not use Visual Studio built in IIS. Instead of this I use my local IIs

    I tried to use following code, but with no success:

    1. 

    IPrincipal p = Thread.CurrentPrincipal;
    p.IsInRole("my_gorup_name")

    2. 
    HttpContext.User.IsInRole("my_gorup_name")

    3.
    System.Web.Security.Roles.IsUserInRole("my_gorup_name"),

    Part of my web.config:

    <identity impersonate="false" />
<authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
    <roleManager defaultProvider="WindowsProvider"
       enabled="true"
       cacheRolesInCookie="false">
      <providers>
        <clear/>
        <add
          name="WindowsProvider"
          type="System.Web.Security.WindowsTokenRoleProvider" />
      </providers>
    </roleManager>

    My development environment is Win 8.1, VS 2013, IIS 

    Monday, September 8, 2014 6:03 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User1779161005 posted

    IIS caches the token values for 15 minutes IIRC. In other words, if you make a change in AD then your local IIS will need to have its cache expire or be purged (via a restart) for the updated values in AD to be seen.

    Monday, September 8, 2014 8:36 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1087118499 posted

    Thank you for your comment. Unfortunately, nothing happen after 15, 20 and even 30 minutes after I removed user from group.

    Please consider, that under Firefox it works immediately.

    Moreover, when i run application in debug mode with two browsers IE and FF with p.IsInRole("my_gorup_name") in the watch, a proper value is in FF session and invalid value is in IE session.

    Any ideas?

    Tuesday, September 9, 2014 7:31 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1779161005 posted

    Ah, ok, if FF updates immediately but the others don't then it sounds as if the browser itself is doing the caching. So try starting a new browser.

    Tuesday, September 9, 2014 9:36 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1087118499 posted

    Nope ... it still doesn't read current values :(

    Tuesday, September 9, 2014 10:49 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1454326058 posted

    Hi ItsMeMac,

    Please use the developer tool to check whether that request status is not 304.

    Best Regards

    Starain Chen

    Thursday, September 11, 2014 4:20 AM