G
Griff
Overview
When the first call to our Web Service causes an exception, the Web Service
caches that user's credentials for its life time.
Details
We have a Web Service which uses Windows Authentication. Within the Web
Service we look at the current username and check which user Groups it
belongs to.
If the user belongs to a particular Group, then we identify which database
to connect to. We then connect to that DB and return the relevant data
requested.
If the user does not belong to a particular Group, then the webservice
throws an exception.
What we have discovered is that if the FIRST call to the Web Service is by
user 'A' and this causes an exception, then ALL SUBSEQUENT calls to the Web
Service will think it's running as user A, even if it's from user 'B'.
If the first call is successful and (say) the second call causes an
exception, then all subsequent calls to the Web Service will work fine and
the Web Service will know the correct user identity..
We've tried to call the Web Service from the test page, within a windows
form and with multiple users. It is as if the application caches the user
for it's life time.
Has anybody else had this issue?
Thanks
Griff
When the first call to our Web Service causes an exception, the Web Service
caches that user's credentials for its life time.
Details
We have a Web Service which uses Windows Authentication. Within the Web
Service we look at the current username and check which user Groups it
belongs to.
If the user belongs to a particular Group, then we identify which database
to connect to. We then connect to that DB and return the relevant data
requested.
If the user does not belong to a particular Group, then the webservice
throws an exception.
What we have discovered is that if the FIRST call to the Web Service is by
user 'A' and this causes an exception, then ALL SUBSEQUENT calls to the Web
Service will think it's running as user A, even if it's from user 'B'.
If the first call is successful and (say) the second call causes an
exception, then all subsequent calls to the Web Service will work fine and
the Web Service will know the correct user identity..
We've tried to call the Web Service from the test page, within a windows
form and with multiple users. It is as if the application caches the user
for it's life time.
Has anybody else had this issue?
Thanks
Griff