Re: session manager vs Form authentication in the Global.asax.cs f
From: Jasmine (Jasmine_at_discussions.microsoft.com)
Date: 06/09/05
- Next message: Joseph Bittman MCAD: "Re: User.IsInRole is always FALSE"
- Previous message: VK: "Re: Provide grouped security"
- In reply to: Dominick Baier [DevelopMentor]: "Re: session manager vs Form authentication in the Global.asax.cs file"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: session manager vs Form authentication in the Global.asax.cs f"
- Reply: Dominick Baier [DevelopMentor]: "Re: session manager vs Form authentication in the Global.asax.cs f"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Jun 2005 08:03:04 -0700
Hi Dominick,
Thanks for your answer.
I try to add "Session.add("myprincipal",principal) under Global.asax.cs ---
Application_PreRequestHandlerExecute, but this event will be called everytime
I try to request pages from web server, the Session only need to be added
once, how could I implement this?
Thanks, Jasmine
"Dominick Baier [DevelopMentor]" wrote:
> Hello Jasmine,
>
> do it later in the pipeline - when session state is available (e.g. PreRequestHandlerExecute)
>
> In AuthenticateRequest you store your principal to Context.User - pick this
> up in the later event and add it to the session.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > I am converting the asp.net application from window authentication to
> > form authentication.
> >
> > originally, the application create identity , principal , add session
> > under Session_Start event for window authentication, like:
> >
> > WindowIdentity wi=httpContext.current.user.Identity; GenericPrincipal
> > pp= new GenraicPrincipal(wi,roles); Session.Add("myPrincipal", pp);
> >
> > After I convert the app to form authentioncation. the identity and
> > principal code has been moved from Session_Start to
> > Application_AuthenticateRequest:like
> >
> > FormsIdentity fi = new FormsIdentity(authTicket);
> > GenericPrincipal pp= new GenraicPrincipal(Fi,roles);
> > My question is : How could I implement the "Session.Add("myPrincipal",
> > pp);"?
> >
> > the Session_start event start before the
> > Application_AuthenticateRequest , thus I won't know the FomsIdentity
> > (httpContext.Current.User.Identity) until I called
> > Application_AuthenticateRequest , thus, I have to generate the
> > principal object in the Application_AuthenticateRequest event, but
> > "Session.add() " cann't be called in Application_AuthenticateRequest
> > event, I got error("Session state is not availble in this context).
> >
> > Do you have any idea how to implement the "Session.Add("myPrincipal",
> > pp);" for form authentication?
> >
> > Thanks,
> >
>
>
>
>
- Next message: Joseph Bittman MCAD: "Re: User.IsInRole is always FALSE"
- Previous message: VK: "Re: Provide grouped security"
- In reply to: Dominick Baier [DevelopMentor]: "Re: session manager vs Form authentication in the Global.asax.cs file"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: session manager vs Form authentication in the Global.asax.cs f"
- Reply: Dominick Baier [DevelopMentor]: "Re: session manager vs Form authentication in the Global.asax.cs f"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
