RRB
Hi,
I have an ASP.Net application running on IIS6 that uses Windows
authentication. I have recently discovered an apparently well-known
issue that because the 'Security Context' is cached for authenticated
clients, changes made in Active Directory to a user account are not
picked up by the application.
My application has a log-in form that users can use to forcibly log in
as a particular user. But what I am doing there is simply creating new
WindowsPrincipal and WindowsIdentity instances.
1. What I want to do is have a page that I can send users to that will
force re-authentication of the client.
2. I would *love* to also have a logical way of detecting that the token
for a particular user is invalid and that they must be re-authenticated.
Does anyone know how to accomplish either one or both of these tasks?
I've scoured online but I cannot find anything beyond passing reference
to forcing re-authentication.
Thanks,
Rich
======================
blackbox testing prerequisites:
1 white box
1 black marker