I am writing a web application that uses .NET Windows Authentication and relies on a user's group membership to authorize them to various areas of the website. Right now I'm on a dev machine that IS NOT part of a domain and is not using AD; instead I'm just using local user groups. In general this is working fine as is.
However, as I test the application I need to add and remove roles in my user account to verify things are working. When I add a role it doesn't seem to propagate until I log out of Windows and log in again.
Is it possible to force an update to Group membership without having to log off?
This will kill explorer, then reopen with your user account... It will prompt you for your password and that will get you a new token, thereby updating your membership.
This is difficult to perform on a system-wide scale, but possible with individual executable files by killing their process and relaunching them under the user's credentials.
When you log on, you receive a token reflecting your group membership, among other things. The only way to refresh this token is to log in.
I had a similar situation of a website that relied on a user's membership in AD to allow login to the website. One thing to consider doing is having the web server do the authentication/query to the AD server with their supplied credentials; if the web server has access to AD and just queries the server for whether the user is in group XYZ, they'll get a list right from AD, not from the login token of the user, which does require logon/logoff to get a new token with proper privileges.
I know your dev machine right now, from the description, doesn't have that access, but it sounded like you mean when you deploy it you need this functionality.
If you rely on the token, you'll have to log off and back in.
There is a scripted way of doing this completely through the command line; you can use klist.
Done.
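
To see the stale-token behaviour described in the answers above, the following PowerShell compares the group SIDs in the current logon token with the machine's live local group membership. It is an added example, not code from any poster in this thread; the function name `Get-StaleGroupReport` is hypothetical and the script assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example (not from the thread): detect a stale logon token by comparing
# the group SIDs in the current token with live local group membership.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

function Get-StaleGroupReport {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # SIDs captured in the token at logon. Deny-only SIDs (for example
    # Administrators in a non-elevated UAC shell) are not listed here.
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })
    # A local group can list the user directly or a well-known principal
    # (such as INTERACTIVE) that the token already carries.
    $principals = @($identity.User.Value) + $tokenSids

    foreach ($group in Get-LocalGroup) {
        try {
            $members = @(Get-LocalGroupMember -Group $group -ErrorAction Stop)
        } catch {
            continue   # group with unresolvable members; skip it
        }
        $memberSids  = @($members | ForEach-Object { $_.SID.Value })
        $isMemberNow = [bool]($memberSids | Where-Object { $principals -contains $_ })
        $inToken     = $tokenSids -contains $group.SID.Value

        # Report only groups where the token and the local SAM disagree.
        if ($isMemberNow -ne $inToken) {
            [pscustomobject]@{
                Group   = $group.Name
                InToken = $inToken
                InSam   = $isMemberNow
                Meaning = if ($isMemberNow) { 'added since logon' } else { 'removed since logon' }
            }
        }
    }
}

Get-StaleGroupReport | Format-Table -AutoSize
```

An empty result means the token matches current membership; any row is a group change that processes started under this logon session will not see until a new token is issued.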