I am currently using the attribute [Authorize]at the top of the controller to restrict access to certain parts of my site based on AD groups. I use integrated IIS authentication. The device hosting the site is in the domain and can talk with the domain controller. I also use .NET Core 1.1, but also tried this with the full .Net Framework, producing the same results.
I currently have
[Authorize(Roles = "Domain\\My_AD_Group")], but cannot force the AD group to actively update the site. If I change users in a group, forcing replication and site recovery locally will not change anything. If I restart my local computer after replication, this seems to fix the problem and it reads the group permissions correctly. The same thing happens in IIS.
It seems that the cached credentials are sorted somewhere locally, but I'm not sure if that is the case. Any help was greatly appreciated.
Edit: I also tried this in the full .Net Framework, having the same problem.
source
share