Re: Forms Authentication, Roles Authorization, Session Variables and Application_AuthenticateRequest Help!
From: Rob (rob@rbfa.com)
Date: 11/19/02
- Next message: Chris Lewis: "Forms authorisation - how to redirect to a "you do not have sufficient permission" page???"
- Previous message: Bob Lochen: "SSL Question"
- In reply to: Javier Miranda: "Forms Authentication, Roles Authorization, Session Variables and Application_AuthenticateRequest Help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rob" <rob@rbfa.com> Date: Mon, 18 Nov 2002 22:10:16 -0500
I have been searching for the same solution - without success. I am now
going to the database each time the user requests.. ughh. Please post if
you have found one.
"Javier Miranda" <jamiranda@lycos.com> wrote in message
news:u$W7aO5fCHA.2240@tkmsftngp12...
> I have found this newsgroup discussion during my search for a security
> solution. I am using Forms authentication with Roles authorization. I am
> trying to get Roles in Application_AuthenticateRequest from a Session
> variable, but I received the same error as the guy bellow: Session state
is
> not available in this context. I put a beak point in Session_Start and
> Application_BeginRequest just to verify execution flow. My test show that
> Session_Start get fired before I get the error. I put
> Request.IsAuthenticated condition in Application_AuthenticateRequest to
> control the request to session variable only if request was authenticated.
>
> I am trying not to go to the DB on each Application_AuthenticateRequest
> call. Instead I would like to get Roles from Session variable wich I set
> after the user gets authenticated. Any help?
>
>
> Bo Koralage [@objectsoln.com]
> I have a simple application that stores a customUser
> object in a session variable as follows
>
> Session["CurrentUser"]= newUser;
>
> newUser is an object. I want to get this user in
> Global.asax Application_AuthenticateRequest method. I
> thought this would be straight forward but I keep getting
> an error
>
> System.Web.HttpException: Session state is not available
> in this context.
>
> It almost seams like the session object is not availabe in
> the Global.asax file but I find that hard to believe. Any
> help would be great
>
> Thanks - Bo
>
>
> Naveen Kohli [@hotmail.com]
> AuthenticateRequest event is raised right after a user has been
> authenticated but still has not been authorized meaning that aplication
> has not decided on the areas that this user canhave access to. And this
> stage, application hasn't acquired the state also. So there is no
> session state at this point.
>
> Naveen
> http://www.pardesiservices.com/softomatix.asp
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
>
>
> Craig Deelsnyder [@yahoo.com]
> I don't think it's necessarily true for all of global.asax, someone else
> will have to verify that. I do know that the Session context is not
> available in the AuthenticateRequest method.
>
> It may have something to do with the fact that authentication and session
> state are 'separate'; they don't depend on each other (different
lifetimes,
> etc.)
>
>
>
>
>
- Next message: Chris Lewis: "Forms authorisation - how to redirect to a "you do not have sufficient permission" page???"
- Previous message: Bob Lochen: "SSL Question"
- In reply to: Javier Miranda: "Forms Authentication, Roles Authorization, Session Variables and Application_AuthenticateRequest Help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
