I'm looking for some guidance on expected behaviour concerning password 
changes.


The application is a virtual desktop connection broker and is comprised of:

1. Forms authenticated web site, using the Active Directory membership 
provider. Hosts MSRDP ActiveX.

2. Remoting service that brokers virtual desktop connections.

3. Virtual Server farms hosting virtual desktops.


The application works as follows:

1. User logs in to the web form.

2. Web application communicates with broker service to retrieve the 
appropriate virtual desktop name.

3. User is forwarded to a web page hosting the MSRDP ActiveX and is 
connected to the virtual desktop.

4. Use logs in using the same account that was used to authenticate to the 
web site.

5. When the virtual desktop session is terminated, the user is forwarded 
back to the default page of the web site.


My question is related to the following scenario:

1. User completes steps 1. – 4. described above.

2. User changes password within the virtual desktop.

3. User logs out of virtual desktop and is forwarded to the default page.


What would be the expected result? 

If the site was using integrated authentication I would expect this to 
result in an account lockout as the credentials provided to Internet Explorer 
when originally prompted would now be out of date. Is this assumption correct?

Thanks,

Alex