Re: Need help improving authorization
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/22/04
- Previous message: Jim Cheshire [MSFT]: "RE: Network File access using anonymous access"
- In reply to: Shaun: "RE: Need help improving authorization"
- Next in thread: AndiV: "Re: Need help improving authorization"
Date: Thu, 22 Jul 2004 11:01:56 -0500
The basic ideas are that you want to cache the role data, either in a cookie
(which is what a lot of the forms auth samples show), Session or Cache.
With a cookie, you need to make sure you encrypt or use an HMAC to ensure
that the values are not tampered with.
All three approaches work fine and have their good points and bad points as
with any user state persistence requirement.
Joe K.
"Shaun" <Shaun@discussions.microsoft.com> wrote in message
news:F571DD66-4B6A-4151-8E7F-4B273F0F1724@microsoft.com...
> There are a few pages out there with methods for this, the one I used is
> http://www.dotnet247.com/247reference/msgs/14/72098.aspx (you can find
> vb.net and c# versions, although changing the code is not difficult).
>
> Once you've used the code you find there you can check the roles using the
> IsInRole method.
>
> Hope this helps.
>
> --------------------------
> Shaun Venus
>
> emailid: sunevnuahs
> domain: hotmail.com
> --------------------------
>
>
> "AndiV" wrote:
>
> > I don't have a response in framework.aspnet, maybe this one is a more
> > appropriate group.
> >
> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> >
> > Each of my intranet pages (windows authentication) needs to validate
> > user's roles stored in the database. Currently, I retrieve the
> > User.Identity.Name property, then query the database for user's roles
> > every time a page is loaded, which is very inefficient.
> >
> > I think a more efficient approach would be to query the database only
> > once for each user, the application_start event is probably the best
> > place? Once this particular user's roles are retrieved, the roles can be
> > concatenated as a delimited string and stored in cookie or a session
> > variable. Then on each page load event, I just have to parse the roles
> > string to apply authorization.
> >
> > I believe this scheme will work. But it seems more like a hack than a
> > design pattern or a best practice. I'm seeking a .NET elegant solution.
> > Please advise.
> >
> > TIA,
> > Andi
> >
> >
> >
> >
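
The HMAC-protected role cookie described in the reply above, as an added C# example that is not part of the original thread. The `RoleCookie` class, the `user|expiry|roles` payload layout, the in-memory key and the sample account are assumptions made for illustration; it targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RoleCookie
{
    // Assumption: a real site loads a persistent key from protected configuration.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);
    // Payload is user|expiry|roles. Assumes role names contain no ',' or '|'.
    public static string Protect(string user, string[] roles, DateTimeOffset expires)
    {
        byte[] data = Encoding.UTF8.GetBytes(
            user + "|" + expires.ToUnixTimeSeconds() + "|" + string.Join(",", roles));
        using var hmac = new HMACSHA256(Key);
        return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    // False when the value is malformed, modified, expired, or issued to another user.
    public static bool TryUnprotect(string cookie, string currentUser, DateTimeOffset now, out string[] roles)
    {
        roles = Array.Empty<string>();
        string[] parts = cookie.Split('.');
        if (parts.Length != 2) return false;
        byte[] data, mac;
        try { data = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        using var hmac = new HMACSHA256(Key);
        // Check the MAC, in constant time, before parsing anything in the payload.
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(data), mac)) return false;
        string[] f = Encoding.UTF8.GetString(data).Split('|', 3);
        if (f.Length != 3 || !long.TryParse(f[1], out long exp)) return false;
        if (!string.Equals(f[0], currentUser, StringComparison.OrdinalIgnoreCase)) return false;
        if (now.ToUnixTimeSeconds() >= exp) return false;
        roles = f[2].Split(',', StringSplitOptions.RemoveEmptyEntries);
        return true;
    }
    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        // Constructed sample account and roles.
        string c = Protect(@"CORP\andi", new[] { "Reader", "Editor" }, now.AddMinutes(20));
        Console.WriteLine(TryUnprotect(c, @"CORP\andi", now, out var r) + " " + string.Join(",", r));
        // A payload edited without the key no longer matches the MAC.
        string edited = Convert.ToBase64String(Encoding.UTF8.GetBytes(@"CORP\andi|9999999999|Admin"));
        Console.WriteLine(TryUnprotect(edited + "." + c.Split('.')[1], @"CORP\andi", now, out _));
        Console.WriteLine(TryUnprotect(c, @"CORP\other", now, out _));        // wrong user
        Console.WriteLine(TryUnprotect(c, @"CORP\andi", now.AddHours(1), out _)); // expired
    }
}
```

Binding the roles to User.Identity.Name and an expiry keeps a valid cookie from being reused under another account or outliving a role change by more than the cache lifetime.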