IsInRole doesn't works correctly

[alexb]

In my ASP.NET Application i check whether user that opens application is a
member of my created Windows Group(Managers).

if (Context.User.IsInRol(@"MyCompName\Managers"))
{
TextBox1.Text="OK";
}

If i use Integrated Windows Authentication in IIS all OK but with Basic
Authentication i have a problem.
What is a problem:
When i first time open my application, the Basic Authentication Form is
appear.
I enter login and password of user that in my "Managers" local windows group
and IsInRol works correctly.

I close Internet Explorer. Remove this user from my "Managers" group and try
again to open my application in hope
to get IsInRol=False, but i get True.

Only after restart IIS I get correctly result.

Why it's works so and how can i resolve this problem because i need use
Basic Authentication

Thanks.

 

[Alek Davis]

Alex,

There seems to be a problem (and possibly not one) with IsInRole
functionality.Check this thread:
http://groups.google.com/groups?hl=...1wmwtE7CHA.2156%40TK2MSFTNGP12.phx.gbl&rnum=1
(or http://tinyurl.com/2e2lm). I am not sure if I understand this correctly,
but it seems to me that Basic Authentication is prone to caching problems.
For example, if you call a Web Service programmatically passing valid basic
credentials (which will establish a connection), the close the connection,
and try the exactly same operation using wrong credentials, the operation
will not fail (it will fail after a 30-minute - or so - timeout, though).
See if Keith Brown's approach helps you (please post the solution if you
find one).

Alek

 

[alexb]

You understand me correctly.

If i remove user from windows group after first logon to my site, IsInRole
works not correctly because Basic Authentication is prone to caching user
token data.