Re: Session state is not available in this context

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 03/31/04


Date: Wed, 31 Mar 2004 09:49:18 -0600

Just out of curiosity, why can't you use the cache?

I say this because I've used the technique of looking up roles from SQL in
AuthenticateRequest and had good luck caching the results for later use.

Another option with the cookie would be to encrypt it so the user cannot
interpret it and make it a session-only (non-persisted cookie) so that it
would be updated frequently. Then, you only take the perf. hit on session
start up. This basic technique shows up in many of the examples.

Joe K.

"A.M" <IHateSpam@sapm123.com> wrote in message
news:ep5e8KzFEHA.1128@TK2MSFTNGP11.phx.gbl...
> Thanks Joe for reply.
>
> Now I know I can't use cache to store user's role.
>
> I have my role definition in sql database. I am trying my best to avoid
> querying the database in Application_AuthenticateRequest.
> At this point, I am using user data in authentication ticket but I don't
> like the fact that user role information is being stored at client's cookie
> storage. Besides that, if client chooses to persist the cookie, then the role
> definition might change in time.
>
> I tried to use session object. Nice try, but it doesn't work because I can't
> use session object in Application_AuthenticateRequest.
>
> Do you have any alternative for querying database and using user data in
> authentication ticket?
>
> Thanks,
> Ali
>
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:eTHgHztFEHA.3856@TK2MSFTNGP12.phx.gbl...
> > The cache is application scope, so you need to share it with all concurrent
> > users. This is generally easy to do with cache keys that include a
> > unique identifier for the user.
> >
> > The cache can last as long as you want, depending on the expiration info you
> > provide when you put something in the cache.
> >
> > One thing the cache can't do is out of process or SQL-based state
> > persistence. Those features of session state give you the ability to share
> > state between multiple load-balanced servers and survive work process
> > restarts since the state is persisted externally.
> >
> > A lot of the time, the cache will do what you want and is faster, but it
> > depends. There are lots of good articles around that discuss the various
> > ASP.NET state management options.
> >
> > Joe K.
> >
> > "A.M" <IHateSpam@sapm123.com> wrote in message
> > news:ubgH2rlFEHA.3132@TK2MSFTNGP12.phx.gbl...
> > > Thank you for reply.
> > >
> > > Is the Cache's scope at application level or session level? Does it keep
> > > data for all session long? If it is so, generally why would I use Session
> > > object if I have Cache object?
> > >
> > > Thanks
> > > Ali
> > >
> > > "[MSFT]" <lukezhan@online.microsoft.com> wrote in message
> > > news:zuH0$DjFEHA.3568@cpmsftngxa06.phx.gbl...
> > > > Hi Ali,
> > > >
> > > > AuthenticateRequest event is raised right after a user has been
> > > > authenticated but still has not been authorized, meaning that application has
> > > > not decided on the areas that this user can have access to. At this stage,
> > > > application hasn't acquired the state also. So there is no session state at
> > > > this point. You can use the Cache object as Joe suggests.
> > > >
> > > > Regards,
> > > >
> > > > Luke
> > > > Microsoft Online Support
> > > >
> > > > Get Secure! www.microsoft.com/security
> > > > (This posting is provided "AS IS", with no warranties, and confers no
> > > > rights.)
> > > >
> > >
> > >
> >
> >
>
>
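The cache approach discussed in this thread, written out as an added example (not code posted by any participant): roles are looked up in AuthenticateRequest, where Session is not yet available, and cached under a per-user key with an absolute expiration. The connection string, the `UserRoles(UserName, RoleName)` table and the 10-minute lifetime are hypothetical, and the code assumes .NET Framework 2.0 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Caching;

public class Global : HttpApplication
{
    // Hypothetical values: adjust the connection string, table and lifetime.
    private const string ConnStr = "Server=(local);Database=AppDb;Integrated Security=SSPI";
    private static readonly TimeSpan RoleLifetime = TimeSpan.FromMinutes(10);

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated) return;

        // The cache is shared by every user of the application, so the key
        // must contain the user's identity exactly as authenticated.
        string key = "roles:" + user.Identity.Name;
        string[] roles = Context.Cache[key] as string[];
        if (roles == null)
        {
            roles = LoadRolesFromSql(user.Identity.Name);
            // Absolute (not sliding) expiration bounds how long a revoked
            // role can remain in effect, even for a continuously active user.
            Context.Cache.Insert(key, roles, null,
                DateTime.UtcNow.Add(RoleLifetime), Cache.NoSlidingExpiration);
        }
        Context.User = new GenericPrincipal(user.Identity, roles);
    }

    private static string[] LoadRolesFromSql(string userName)
    {
        List<string> roles = new List<string>();
        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT RoleName FROM UserRoles WHERE UserName = @u", conn))
        {
            cmd.Parameters.AddWithValue("@u", userName); // parameterized, never concatenated
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            { while (reader.Read()) roles.Add(reader.GetString(0)); }
        }
        return roles.ToArray();
    }
}
```

Because the roles stay on the server, nothing about them is exposed in the client's cookie; removing a user's key from the cache when their roles change forces a reload on the next request.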


