
aspx thread: XML Role Based Security Questions Answered


Message #1 by "Scott Guthrie" <scottgu@m...> on Thu, 22 Mar 2001 11:24:07 -0800
Original Question:

----------------------------------------



XML-driven Roles-Based Security:



1. What is the best way to avoid having to get the roles for the current user on each page request and recreate the custom IPrincipal Security object? I thought about putting the roles string in a Session variable, but then I discovered that I can't access Session variables from the global.vb (I have the code for associating roles with the user in Application_AuthenticateRequest). I also considered storing Context.User.Identity.Name in the Application State, but am not sure if this is a good idea. I just wish we could access Session variables from the global.asax codebehind.



2. I have an XML document which stores SecurityRoles and SitePages (we adapted the IBuySpy PortalVB Portal.Config and supporting serialization Classes). If we do not cache the deserialized XML data (that is, we deserialize on every page request), all works fine. But as soon as we turn on caching, only the first time that we access the site does everything work fine. On subsequent hits, things go awry: No errors are thrown, but Roles don't get processed, page access is typically denied, some links have the wrong URLs, images don't load properly, etc. Any ideas?



Patrick Barnes



ScottGu Answer:

----------------------------------------



Hi Patrick,



Some answers below:



1) I'd recommend caching the role information in an encrypted client-side cookie to avoid having to get role information on each request.  This provides the easiest way to reduce database hits.  We are in the process of finishing up a new IBuySpy Sample (a cool Subscription Site sample -- similar to www.asptoday.com and www.nytimes.com) that will actually demonstrate this technique in action.  Look for it to show up sometime over the next two weeks.  There should hopefully be some good code to re-use from it.



2) Hmm -- this sounds like some type of bug.  It might be worth posting a simple code repro of it on the IBuySpy listserv over on aspng (you can sign-up on www.asp.net).  We'll then be able to take a look and hopefully debug it for you.



Hope this helps,



Scott
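
One way to implement the encrypted role cookie recommended in the answer, as an added example that is not from the original post or the IBuySpy sample. It assumes ASP.NET forms authentication is enabled; the `IssueRoleTicket` helper, the 20-minute lifetime and the `;` separator are hypothetical choices.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical helper: call once after login, with roles loaded from
    // the application's own role store (XML file, database, ...).
    public static void IssueRoleTicket(HttpResponse response, string userName, string[] roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                            // ticket version
            userName,
            DateTime.Now,                 // issued
            DateTime.Now.AddMinutes(20),  // assumed lifetime: bounds how stale cached roles can get
            false,                        // session cookie, not persisted to disk
            String.Join(";", roles));     // roles travel in UserData (assumes no ';' in role names)

        // With <forms protection="All"> (the default) Encrypt both encrypts
        // and MACs the ticket, so the client cannot read or edit the roles.
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        response.Cookies.Add(cookie);
    }

    // Runs on every request: rebuild the principal from the cookie alone,
    // with no role-store lookup and no Session access.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || String.IsNullOrEmpty(cookie.Value)) return;

        FormsAuthenticationTicket ticket = null;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { /* tampered or undecryptable: stay anonymous */ }
        if (ticket == null || ticket.Expired) return;

        string[] roles = ticket.UserData.Split(new char[] { ';' },
                                               StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

Because the roles are frozen into the ticket at login, a role removed on the server stays effective until the ticket expires, so the lifetime should match how quickly revocations need to take hold.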

