I am having a major problem with what (appears) to be a caching mechanism within IIS (4 and 5) with regard to authentication.<BR><BR>My Intranet site is built using ASP and COM objects. The site is protected using basic (clear text) authentication. Consequently local accounts are created on the webserver for each user that wishes to access the site.<BR><BR>I am having problems synchronising the state of the local user accounts with the authentication within IIS.<BR><BR>For example. Take one local account and disable it using User Manager For Domains. Try to logon to the site and the browser pops-up the authentication dialogue. Type the correct username and password and the browser refuses to connect to the site. GOOD.<BR><BR>Now enable the account and try the same process on the browser. The browser connects to the site. GOOD.<BR><BR>Now disable the account again, close the browser, open the browser and try to connect to the site. Browser connects. BAD.<BR><BR>Restart PC with browser. Still connects. Restart IIS service on Server. Still connects. Restart IIS box. Does not connect.<BR><BR>A similiar problem occurs with any changes to Users, including password changes and User Group allocation.<BR><BR>It seems that once IIS authenticates a user, it caches that fact in memory somehow to avoid round trips to the NT authentication process to speed up the system. Only trouble is this caching means that IIS is always out of sync with what is the reality of that users status or password.<BR><BR>So, please, can someone tell me how to force IIS to refresh its authentication cache without restarting the web server. Preferably a IIS metabase change, registry hack, API call or ActiveX object that refreshes the IIS authentication memory.<BR><BR>Thanks,<BR><BR>Mike Challis<BR>3 Thinking Limited UK