Update Rate of AD group membership for Windows Authentication

Product: PowerShell Universal
Version: 2.9.3

I am trying to implement Windows Authentication for access to API calls.
The setup will allow members of an AD group to call some APIs by using
Invoke-RestMethod https://******** -UseDefaultCredentials

If I use the claim type http://schemas.microsoft.com/ws/2008/06/identity/claims/role
it works, but if I remove a member from the group, the member retains the access, and I need to wait a long time, or even reboot/restart PU/IIS/Service.

If I use a Policy, using the script in the documentation to check if the user is a member of that AD group,
it seems I need to restart the PU service or IIS to make the change take effect.

If it just takes time to reflect the changes in AD group membership, I can live with that …, it is just a little annoying when testing.
Can someone explain, if possible, what I can expect or if I am just doing this wrongly :slight_smile:

We have a caching mechanism in PSU to cache user membership because of how Windows Authentication works. If we didn’t, it would call the authorization scripts over and over again. That said, it is annoying and we have an open issue here to address it: Clear AD cache from dashboard · Issue #536 · ironmansoftware/issues · GitHub

I think having some sort of button in our UI to clear it would be good. You can actually view and clear items in the cache using the /api/v1/cache endpoints. If you look at the swagger docs you can see which are available: API - PowerShell Universal
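The effect described in this reply, as an added illustration that is not part of the original thread and not PSU's own code: a per-user authorization cache keeps granting access after a group removal until the entry expires or is cleared. The function names, the 30-minute TTL, the group and the accounts are all assumptions constructed for the example.

```powershell
# Model of a cached authorization decision (hypothetical names, not PSU internals).
$Directory  = @{ 'API-Callers' = @('CONTOSO\alice', 'CONTOSO\bob') }  # constructed sample directory
$AuthzCache = @{}                                                     # "user|group" -> cached decision
$CacheTtl   = [timespan]::FromMinutes(30)                             # assumed TTL, not a PSU value

function Test-Authorized {
    param([string]$User, [string]$Group, [datetime]$Now)
    $key   = "$User|$Group"
    $entry = $AuthzCache[$key]
    # Serve the cached decision while it is still fresh.
    if ($null -ne $entry -and $Now -lt $entry.Expires) {
        return [pscustomobject]@{ Time = $Now; Allowed = $entry.Allowed; Source = 'cache' }
    }
    # Otherwise evaluate membership against the directory and cache the result.
    $allowed = $Directory[$Group] -contains $User
    $AuthzCache[$key] = @{ Allowed = $allowed; Expires = $Now + $CacheTtl }
    [pscustomobject]@{ Time = $Now; Allowed = $allowed; Source = 'directory' }
}

function Clear-AuthzCache {
    param([string]$User)
    # Drop every cached decision for one user so the next call is re-evaluated.
    foreach ($k in @($AuthzCache.Keys)) {
        if ($k.StartsWith("$User|")) { $AuthzCache.Remove($k) }
    }
}

$t0 = Get-Date '2022-04-05 15:00'
$timeline = @()
$timeline += Test-Authorized 'CONTOSO\bob' 'API-Callers' $t0                 # directory: allowed

# Bob is removed from the group in the directory.
$Directory['API-Callers'] = @($Directory['API-Callers'] | Where-Object { $_ -ne 'CONTOSO\bob' })

$timeline += Test-Authorized 'CONTOSO\bob' 'API-Callers' $t0.AddMinutes(5)   # cache: still allowed (stale)
Clear-AuthzCache 'CONTOSO\bob'
$timeline += Test-Authorized 'CONTOSO\bob' 'API-Callers' $t0.AddMinutes(6)   # directory: denied

$timeline += Test-Authorized 'CONTOSO\alice' 'API-Callers' $t0               # directory: allowed
$Directory['API-Callers'] = @()                                              # Alice removed, cache not cleared
$timeline += Test-Authorized 'CONTOSO\alice' 'API-Callers' $t0.AddMinutes(31) # TTL elapsed: denied

$timeline | Format-Table Time, Allowed, Source
```

In this model the revocation delay is bounded by the cache TTL unless the entry is cleared explicitly, which is why a way to clear the cache matters when group membership is used as an access control.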

I can see how that would be handy, we don’t have much churn with membership of groups using PowerShell Universal but it does happen on occasion.

As an aside, I can’t seem to load Swagger in my environment. I’ve been trying to look at that endpoint, but when I authenticate and browse to the address, I get this message:
Internal Server Error /swagger/v1/swagger.json

Looks like a 404 on a ‘theme-feeling-blue.css’ file and a 500 error on swagger.json

Looks like my log has some entries as well.

2022-04-05 15:33:45.604 -03:00 [ERR] Connection id "0HMGN4V2JI7P3", Request id "0HMGN4V2JI7P3:0000000C": An unhandled exception was thrown by the application.
Microsoft.CSharp.RuntimeBinder.RuntimeBinderException: 'char' does not contain a definition for 'Text'
   at CallSite.Target(Closure , CallSite , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute1[T0,TRet](CallSite site, T0 arg0)
   at CallSite.Target(Closure , CallSite , Object )
   at Universal.Server.SwashbuckleSchemaFilter.PreSerializeFilter(OpenApiDocument document, HttpRequest request) in D:\a\universal\universal\src\Universal.Server\Middleware\SwashbuckleSchemaFilter.cs:line 76
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Universal.Server.Middleware.SwaggerAuthenticationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\SwaggerAuthMiddleware.cs:line 42
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
2022-04-05 15:42:01.036 -03:00 [ERR] An unhandled exception has occurred while executing the request.
Microsoft.CSharp.RuntimeBinder.RuntimeBinderException: 'char' does not contain a definition for 'Text'
   at CallSite.Target(Closure , CallSite , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute1[T0,TRet](CallSite site, T0 arg0)
   at CallSite.Target(Closure , CallSite , Object )
   at Universal.Server.SwashbuckleSchemaFilter.PreSerializeFilter(OpenApiDocument document, HttpRequest request) in D:\a\universal\universal\src\Universal.Server\Middleware\SwashbuckleSchemaFilter.cs:line 76
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Universal.Server.Middleware.SwaggerAuthenticationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\SwaggerAuthMiddleware.cs:line 42
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-04-05 15:42:01.037 -03:00 [ERR] Connection id "0HMGN4V2JI7PQ", Request id "0HMGN4V2JI7PQ:00000006": An unhandled exception was thrown by the application.
Microsoft.CSharp.RuntimeBinder.RuntimeBinderException: 'char' does not contain a definition for 'Text'
   at CallSite.Target(Closure , CallSite , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute1[T0,TRet](CallSite site, T0 arg0)
   at CallSite.Target(Closure , CallSite , Object )
   at Universal.Server.SwashbuckleSchemaFilter.PreSerializeFilter(OpenApiDocument document, HttpRequest request) in D:\a\universal\universal\src\Universal.Server\Middleware\SwashbuckleSchemaFilter.cs:line 76
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Universal.Server.Middleware.SwaggerAuthenticationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\SwaggerAuthMiddleware.cs:line 42
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Are you on 2.9.3? This could be because of some custom API you have. We have some handling in 2.10 to avoid this issue when attempting to generate the custom API swagger docs.


Thanks! I will give it a try!

I’m on 2.9.2, totally missed seeing 2.9.3 drop.

I’ll try it again when 2.10 releases. Thanks


v2.9.3 was mostly just a fix for PSU desktop.