(Regret any inconvenience about my English)

Greetings from Spain. Just some help to decide how to implement the following.
Just a brief summary about my proyect. We have a company which is composed of several sections. In each section there are different functions - administrator, managers, guests. I have implemented the role-based authenticacion and authorization in the Global.asax file through the GenericPrincipal Class.

There's a general Administrator who can access to all of the data stored by any of the sections, but the sections users are not allowed to see each other info and data.

When the users login I retrieve from the db the user's section. Where is "best practice" to store this info in order to be available all around the app? In the Session object or maybe in the HttpContext.Items object?

Any suggest is welcome. Thanks in advance

Just reading we'll reach our goals.

__________________
Just reading we\'ll reach our goals.

I would start with the session collection. You could also use a cookie.

Thanks for your answer.

Just thinking out...

'First establishing Session_OnStart:
'Setting the IdSection Value
HttpContext.Current.Session("IdSection") = anyValue
...
'Now Getting the IdSection in any Stored Procedure
...
myParam.Value = Current.Session("IdSection")
...

'If User LogOff I raise Event Session_OnEnd through the
'HttpSessionState Abandon Method.

Public Sub LogOff(sender As System.Object, E As System.EventArgs)
'Removing the authetication ticket if FormsAuthentication Provider
'was used
FormsAuthentication.SignOut()
'I Raise the Session_OnEnd Event to delete the Session("IdSection")
'Item
Session.Abandon()
End Sub

'Session_OnEnd Event at global.asax
...
HttpContext.Current.Session.RemoveAll


Would you use this solution?

Thanks in advance


Just reading we'll reach our goals.