Re: Authorization question, w/ "Windows" authentication mode
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 16:52:26 +0000 (UTC)
Hi,
session is not available in Post/AuthenticateRequest - i would use the cache or a cookie
cache has the advantage of being self managed and server only
if cookie i would use the userData field of the FormsAuth ticket - this gives you encryption and integrity protection + renewal for free
In both cases (a little easier with the cache) - you should periodically check if the user is still valid and the group memberships are still OK - otherwise you end up with stale information - especially if sliding expiration is used.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Joe Kaplan (MVP - ADSI) wrote:
To avoid a database hit, you can use the cache or use session stateactually, i think the options may be limited to the Cache or a cookie.
or perhaps a cookie
it appears the Session object doesnt yet exist "Session_Start()" is
executed *after* "Application_AuthenticateRequest()".
i had thought perhap i could just check for Session being null, if so
grab from db, and that after page hit-one Session should then exist.
but...it doesnt. dah!
so it looks like Cache or cookie are the only options. if i did Cache
i supposed id use a unique key based off the userID, w/ a short
time-to-live.
matt
.
- Follow-Ups:
- Re: Authorization question, w/ "Windows" authentication mode
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Authorization question, w/ "Windows" authentication mode
- References:
- Prev by Date: Re: Authorization question, w/ "Windows" authentication mode
- Next by Date: Re: Authorization question, w/ "Windows" authentication mode
- Previous by thread: Re: Authorization question, w/ "Windows" authentication mode
- Next by thread: Re: Authorization question, w/ "Windows" authentication mode
- Index(es):
Relevant Pages
|
|
