I recently configured Umbraco to use Active Directory to log in visitors to my Intranet. I created a couple groups in AD and assigned myself to both. Umbraco automatically creates me as a Member. I set Public access/Role based protection on a page selecting just one of the groups/roles. All good. Now, I remove myself from that group in AD. Go back to the page, and even though I should no longer have access to it, I do. I resave the roles, same thing. Republish the page, same thing.
It seems that once I've been given permissions to view a page, I can view it forever? That won't fly. If we need to take permission to a page away from a staff member, we need any change in AD to be immediate. It kinda is, as I see the group is now in the left pane and not the right when I view the Member in Umbraco.
Is the permission being cached? How do I revoke it?
It might not be an Umbraco thing; permissions are cached against your token, so once you've logged on, the client and server are only passing tokens around that represent the groups you were in at logon time.
Also, if you have multiple domain controllers, replication can have a slight delay, so removing from one can sometimes take a few minutes to appear on the other.
In Umbraco terms, at logon to the site your token will be created and it will last for the lifetime of your session, so you need to log off or expire the session for the token to be rebuilt with the groups in it.
AD is a complex beast, but I would check the above first.
Is there any way to immediately kill the session? Say for an employee fired on the spot? Seems like once they get the token there's no way to take it away.
If that happened you would disable their account and they wouldn't be able to get on to anything - that would be immediate across your domain for everything :)
Tokens only last for the session timeout (usually about 20 mins by default?)
I'm not aware of anything to kill other people's sessions other than bouncing the server, but I'm guessing something might exist.
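A minimal model of the behaviour discussed in this thread, as an added example that is not part of the original posts and is not Umbraco or ASP.NET code: a session that snapshots groups at logon keeps granting access after a group is removed, while a session that re-checks the directory picks up the change and ends when the account is disabled. `SessionStore`, its methods and the dictionary standing in for Active Directory are hypothetical names chosen for illustration.

```python
import secrets
import time


class SessionStore:
    """Sessions that snapshot a user's groups at logon (hypothetical model)."""

    def __init__(self, directory, revalidate_after=None, clock=time.monotonic):
        self.directory = directory                # stand-in for AD lookups (assumption)
        self.revalidate_after = revalidate_after  # seconds; None = never re-check
        self.clock = clock
        self.sessions = {}

    def logon(self, user):
        entry = self.directory.get(user)
        if not entry or not entry["enabled"]:
            raise PermissionError("unknown or disabled account")
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "groups": set(entry["groups"]),
                              "checked": self.clock()}
        return sid

    def can_view(self, sid, required_group):
        s = self.sessions.get(sid)
        if s is None:
            return False
        if (self.revalidate_after is not None
                and self.clock() - s["checked"] >= self.revalidate_after):
            entry = self.directory.get(s["user"])
            if not entry or not entry["enabled"]:
                del self.sessions[sid]            # disabled account: end the session
                return False
            s["groups"] = set(entry["groups"])    # rebuild the group snapshot
            s["checked"] = self.clock()
        return required_group in s["groups"]

    def revoke_user(self, user):
        """Drop every session for a user without restarting the server."""
        doomed = [sid for sid, s in self.sessions.items() if s["user"] == user]
        for sid in doomed:
            del self.sessions[sid]
        return len(doomed)


if __name__ == "__main__":
    ad = {"alice": {"enabled": True, "groups": {"Staff", "Finance"}}}  # constructed data
    cached, fresh = SessionStore(ad), SessionStore(ad, revalidate_after=0)
    a, b = cached.logon("alice"), fresh.logon("alice")
    ad["alice"]["groups"].discard("Finance")      # group removed after logon
    print(cached.can_view(a, "Finance"), fresh.can_view(b, "Finance"))
```

The `revalidate_after` interval is the trade-off: a shorter value narrows the window in which a removed group still grants access, at the cost of more directory lookups.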
Role Based Protection Issue
Dear All,
I am trying to install the ACS Extension for Role Based Protection; every time I do, the following error occurs.