When an authenticated user accesses an ArcGIS Server resource and web-tier authentication has been enabled using ArcGIS Web Adaptor (IIS), the Web Adaptor retrieves the user's role membership list from Active Directory. Repeated calls to Active Directory to obtain a user's role list negatively impacts performance of both Active Directory and ArcGIS Server. To optimize performance, the Web Adaptor caches the list of roles that a user is a member of.
In an out-of-the-box installation of ArcGIS Web Adaptor (IIS), a user's roles are cached either in a cookie managed by the web browser or in the primary system memory (RAM) of the web server hosting the Web Adaptor. If the size of a user's role list is less than 4KB, the list is stored as a cookie by the web browser. If the list is 4KB or larger, it is managed in the system memory.
If a user's role list is stored in the web browser cookie cache, it expires in one minute. The ArcGIS Web Adaptor (IIS) system memory cache for a user's role list is configurable and its properties are managed in the RoleCache element defined in the C:\inetpub\wwwroot\{Web Adaptor name}\WebAdaptor.config file. The following section describes the RoleCache element and its properties.
<RoleCache>
<NumberOfUsers>100</NumberOfUsers>
<Expiration>5</Expiration>
<Enabled>true</Enabled>
<CacheAllRolesInMemory>false</CacheAllRolesInMemory>
</RoleCache>Property | Description |
| NumberOfUsers | This property limits the number of users that can have their role membership list stored in the system memory. |
| Expiration | This property defines the amount of time, in minutes, that a user's list is stored in the system memory. The maximum recommended value for this property is one day (or 1,440 minutes). |
| Enabled | This property is used to disable the system memory cache. Disabling the system cache is not recommended. |
| CacheAllRolesInMemory | If this property is set to true, the cookie cache is disabled and only the system memory is used to cache the role membership list for all users. |