Re: Authorization question, w/ "Windows" authentication mode

From: matt@xxxxxxxxxxxxxx
Date: 29 Jun 2006 08:37:42 -0700

Joe Kaplan (MVP - ADSI) wrote:

To avoid a database hit, you can use the cache or use
session state or perhaps a cookie

actually, i think the options may be limited to the Cache or a cookie.
it appears the Session object doesnt yet exist "Session_Start()" is
executed *after* "Application_AuthenticateRequest()".

i had thought perhap i could just check for Session being null, if so
grab from db, and that after page hit-one Session should then exist.
but...it doesnt. dah!

so it looks like Cache or cookie are the only options. if i did Cache i
supposed id use a unique key based off the userID, w/ a short
time-to-live.

matt

.

Follow-Ups:
- Re: Authorization question, w/ "Windows" authentication mode
  - From: Dominick Baier [DevelopMentor]

References:
- Authorization question, w/ "Windows" authentication mode
  - From: matt
- Re: Authorization question, w/ "Windows" authentication mode
  - From: Joe Kaplan \(MVP - ADSI\)

Prev by Date: Re: Authorization question, w/ "Windows" authentication mode
Next by Date: Re: Authorization question, w/ "Windows" authentication mode
Previous by thread: Re: Authorization question, w/ "Windows" authentication mode
Next by thread: Re: Authorization question, w/ "Windows" authentication mode
Index(es):
- Date
- Thread

Relevant Pages

Re: Role Providers Cache
... do our own cache using the cache management API. ... farm environment with out of process session state. ... Auth Manager Role Provider or use the SQL Role provider (moving the roles ... So my main concern was on the cache feature and the cookie was worried we ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Role Providers Cache
... If you have sticky session support, then you can use in process session ... do our own cache using the cache management API. ... Auth Manager Role Provider or use the SQL Role provider (moving the ... So my main concern was on the cache feature and the cookie was worried ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Authorization question, w/ "Windows" authentication mode
... session is not available in Post/AuthenticateRequest - i would use the cache or a cookie ... if cookie i would use the userData field of the FormsAuth ticket - this gives you encryption and integrity protection + renewal for free ... it appears the Session object doesnt yet exist "Session_Start" is ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Identify User After Session Ends
... > session is timeout, we need to send a mail to him with his editing datas. ... > store in cookie to idenitfy him. ... > that use the Application Cache to store the user's data. ... > Expire Time and add EXpire event handler for cache object in asp.net. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Session state is not available in this context
... The reason that I can't use cache is I need role information for any single ... If I want to use cache then the index could be session id and also I have to ... > Another option with the cookie would be to encrypt it so the user cannot ...
(microsoft.public.dotnet.framework.aspnet.security)