IsInRole doesn't works correctly

Discussion in 'ASP .Net Security' started by alexb, May 10, 2004.

  1. alexb

    alexb Guest

    In my ASP.NET Application i check whether user that opens application is a
    member of my created Windows Group(Managers).

    if (Context.User.IsInRol(@"MyCompName\Managers"))
    {
    TextBox1.Text="OK";
    }

    If i use Integrated Windows Authentication in IIS all OK but with Basic
    Authentication i have a problem.
    What is a problem:
    When i first time open my application, the Basic Authentication Form is
    appear.
    I enter login and password of user that in my "Managers" local windows group
    and IsInRol works correctly.

    I close Internet Explorer. Remove this user from my "Managers" group and try
    again to open my application in hope
    to get IsInRol=False, but i get True.

    Only after restart IIS I get correctly result.

    Why it's works so and how can i resolve this problem because i need use
    Basic Authentication

    Thanks.
    alexb, May 10, 2004
    #1
    1. Advertising

  2. alexb

    Alek Davis Guest

    Alex,

    There seems to be a problem (and possibly not one) with IsInRole
    functionality.Check this thread:
    http://groups.google.com/groups?hl=...1wmwtE7CHA.2156%40TK2MSFTNGP12.phx.gbl&rnum=1
    (or http://tinyurl.com/2e2lm). I am not sure if I understand this correctly,
    but it seems to me that Basic Authentication is prone to caching problems.
    For example, if you call a Web Service programmatically passing valid basic
    credentials (which will establish a connection), the close the connection,
    and try the exactly same operation using wrong credentials, the operation
    will not fail (it will fail after a 30-minute - or so - timeout, though).
    See if Keith Brown's approach helps you (please post the solution if you
    find one).

    Alek

    "alexb" <> wrote in message
    news:...
    > In my ASP.NET Application i check whether user that opens application is a
    > member of my created Windows Group(Managers).
    >
    > if (Context.User.IsInRol(@"MyCompName\Managers"))
    > {
    > TextBox1.Text="OK";
    > }
    >
    > If i use Integrated Windows Authentication in IIS all OK but with Basic
    > Authentication i have a problem.
    > What is a problem:
    > When i first time open my application, the Basic Authentication Form is
    > appear.
    > I enter login and password of user that in my "Managers" local windows

    group
    > and IsInRol works correctly.
    >
    > I close Internet Explorer. Remove this user from my "Managers" group and

    try
    > again to open my application in hope
    > to get IsInRol=False, but i get True.
    >
    > Only after restart IIS I get correctly result.
    >
    > Why it's works so and how can i resolve this problem because i need use
    > Basic Authentication
    >
    > Thanks.
    >
    >
    Alek Davis, May 14, 2004
    #2
    1. Advertising

  3. alexb

    alexb Guest

    You understand me correctly.

    If i remove user from windows group after first logon to my site, IsInRole
    works not correctly because Basic Authentication is prone to caching user
    token data.


    "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
    news:...
    > Alex,
    >
    > There seems to be a problem (and possibly not one) with IsInRole
    > functionality.Check this thread:
    >

    http://groups.google.com/groups?hl=...1wmwtE7CHA.2156%40TK2MSFTNGP12.phx.gbl&rnum=1
    > (or http://tinyurl.com/2e2lm). I am not sure if I understand this

    correctly,
    > but it seems to me that Basic Authentication is prone to caching problems.
    > For example, if you call a Web Service programmatically passing valid

    basic
    > credentials (which will establish a connection), the close the connection,
    > and try the exactly same operation using wrong credentials, the operation
    > will not fail (it will fail after a 30-minute - or so - timeout, though).
    > See if Keith Brown's approach helps you (please post the solution if you
    > find one).
    >
    > Alek
    >
    > "alexb" <> wrote in message
    > news:...
    > > In my ASP.NET Application i check whether user that opens application is

    a
    > > member of my created Windows Group(Managers).
    > >
    > > if (Context.User.IsInRol(@"MyCompName\Managers"))
    > > {
    > > TextBox1.Text="OK";
    > > }
    > >
    > > If i use Integrated Windows Authentication in IIS all OK but with Basic
    > > Authentication i have a problem.
    > > What is a problem:
    > > When i first time open my application, the Basic Authentication Form is
    > > appear.
    > > I enter login and password of user that in my "Managers" local windows

    > group
    > > and IsInRol works correctly.
    > >
    > > I close Internet Explorer. Remove this user from my "Managers" group and

    > try
    > > again to open my application in hope
    > > to get IsInRol=False, but i get True.
    > >
    > > Only after restart IIS I get correctly result.
    > >
    > > Why it's works so and how can i resolve this problem because i need use
    > > Basic Authentication
    > >
    > > Thanks.
    > >
    > >

    >
    >
    alexb, May 16, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. GS
    Replies:
    7
    Views:
    2,357
    Juan T. Llibre
    Feb 3, 2006
  2. Ufit
    Replies:
    1
    Views:
    743
  3. Peter Bradley
    Replies:
    2
    Views:
    1,174
    Peter Bradley
    Jan 19, 2007
  4. petersonrj
    Replies:
    0
    Views:
    116
    petersonrj
    Sep 17, 2004
  5. Dominick Baier
    Replies:
    2
    Views:
    184
    Patrick.O.Ige
    Oct 21, 2004
Loading...

Share This Page