I am having a major problem with what (appears) to be a caching mechanism
within IIS (4 and 5) with regard to authentication.
My Intranet site is built using ASP and COM objects. The site is protected
using basic (clear text) authentication. Consequently local accounts are
created on the webserver for each user that wishes to access the site.
I am having problems synchronising the state of the local user accounts
with the authentication within IIS.
For example, take one local account and disable it using User Manager For
Domains. Try to log on to the site and the browser pops up the
authentication dialogue. Type the correct username and password and the
browser refuses to connect to the site. GOOD.
Now enable the account and try the same process on the browser. The
browser connects to the site. GOOD.
Now disable the account again, close the browser, open the browser and try
to connect to the site. Browser connects. BAD.
Restart PC with browser. Still connects. Restart IIS service on Server.
Still connects. Restart IIS box. Does not connect.
A similar problem occurs with any changes to Users, including password
changes and User Group allocation.
It seems that once IIS authenticates a user, it caches that fact in memory
somehow to avoid round trips to the NT authentication process to speed up
the system. Only trouble is this caching means that IIS is always out of
sync with what is the reality of that user's status or password.
So, please, can someone tell me how to force IIS to refresh its
authentication cache without restarting the web server. Preferably an IIS
metabase change, registry hack, API call or ActiveX object that refreshes
the IIS authentication memory.
Thanks,
Mike Challis