RE: Need help improving authorization

From: Shaun (Shaun_at_discussions.microsoft.com)
Date: 07/22/04

  • Next message: Shaun: "RE: Problems when joining a domain" 
    Date: Thu, 22 Jul 2004 02:32:04 -0700

    There are a few pages out there with methods for this, the one I used is http://www.dotnet247.com/247reference/msgs/14/72098.aspx (you can find vb.net and c# versions, although changing the code is not difficult).

    Once you've used the code you find there you can check the roles using the IsInRole method.

    Hope this helps.
     
    --------------------------
    Shaun Venus

    emailid: sunevnuahs
    domain: hotmail.com
    --------------------------

    "AndiV" wrote:

    > I don't have a response in framework.aspnet, may be this one is a more
    > appropriate group.
    >
    > = = = = = = = = = = = = = = = = == = = = = = == = = = = = = = = = = = = = =
    > = = =
    >
    > Each of my intranet page (windows authentication) needs to validate user's
    > roles stored in the database. Currently, I retrieve the the
    > User.Identity.Name property, then query the database for user's roles
    > everytime a page is loaded, which is very inefficient.
    >
    > I think a more efficient approach would be to query the database only once
    > for each user, the application_start event is probably the best place? Once
    > this particular user's roles are retrieved, the roles can be concatenated as
    > a delimied string and stored in cookie or a session variable. Then on each
    > page load event, I just have to parse the roles string to apply
    > authorization.
    >
    > I believe this scheme will work. But it seems more like a hack than a design
    > pattern or a best practice. I'm seeking a .NET elegant solution. Please
    > advise.
    >
    > TIA,
    > Andi
    >
    >
    >
    >

  • Next message: Shaun: "RE: Problems when joining a domain"

    Relevant Pages

    • Need help improving authorization
      ... then query the database for user's roles ... I think a more efficient approach would be to query the database only once ... a delimied string and stored in cookie or a session variable. ... page load event, I just have to parse the roles string to apply ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Need help improving authorization
      ... > roles stored in the database. ... > I think a more efficient approach would be to query the database only once ... > a delimied string and stored in cookie or a session variable. ... > page load event, I just have to parse the roles string to apply ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Need help improving authorization
      ... >roles stored in the database. ... Currently, I retrieve the the ... >I think a more efficient approach would be to query the database only once ... >a delimied string and stored in cookie or a session variable. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Need help improving authorization
      ... Currently, I retrieve the the ... then query the database for user's roles ... I think a more efficient approach would be to query the database only once ... a delimied string and stored in cookie or a session variable. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Need help improving authorization
      ... > roles stored in the database. ... Currently, I retrieve the the ... > a delimied string and stored in cookie or a session variable. ... > page load event, I just have to parse the roles string to apply ...
      (microsoft.public.dotnet.framework.aspnet)