Re: GenericPrincipal

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 13 Sep 2007 00:01:31 +0000 (UTC)

Well - Roles Provider would be the right provider in that case.

Either use the out of the box one - if you are happy to use the MS provided DB schema -

otherwise simply derive from RoleProvider and implement the GetRolesForUser method.

When you register the provider using system.web/roleManager you have all kinds of caching options.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Right, but what I'm saying is that all of the other frameworks for
doing this have code to authenticate the user, recreate the principal
and perform authorization on each request and so must your code. If
you need to save your roles in between executions to avoid a round
trip to the db to look them up again, then you need to persist them in
cache, session or in a secure cookie and regenerate them that way.

People usually use the membership providers so they don't have to
write all that code.

Joe K.

References:
- Re: GenericPrincipal
  - From: Joe Kaplan

Prev by Date: Re: Session parameter lost memory
Next by Date: Re: Trust level required for AppDomain.CurrentDomain.UnhandledExcept
Previous by thread: Re: GenericPrincipal
Next by thread: Re: GenericPrincipal
Index(es):
- Date
- Thread

Relevant Pages

Role provider?
... ASP.NET 2.0 has a membership provider and a roles provider, however, how do ... you get a smiliar system to work in VB.NET? ...
(microsoft.public.dotnet.languages.vb)
Re: using Exchange 2007 as email server for an outside address?
... Our T1 provider only allows us to use their outgoing email server to send from within our LAN, we don't have the option to authenticate with a username and password. ...
(microsoft.public.exchange.admin)