I have LDAP Auth working and I get the UserPrincipal then get the user's groups:
PrincipalSearchResult<Principal> groups = userPrincipal.GetAuthorizationGroups();
I use this to restrict access by group.
This works, but if I then remove the user from the group I still get the old groups for about 20 minutes. After an IIS Reset the credentials are correct, so I think this is IIS caching but I haven't found where to set the expiration.
Anyone know where to set IIS AD caching?