.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
Users, Roles etc... Question to Scott G.
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngbeta' list.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.

atj@kylas.com (Anil John)
Scott,

In your message given below, you had spoken of building a simple sample to
demonstrate the concepts that you were speaking about... Did you ever get a
chance to do this?

I am definitely one of those who gain a better understanding after looking over
code samples... So any help along these lines would be appreciated.

Anil

---------------
One way to store roles without having to rehit the database on each request
would be to utilize a client-side cookie to persist the roles. You could
then use the Application_AuthenticateRequest event to take this cookie and
instantiate an appropriate GenericPrincipal object with the role
information. If you wanted to be fancy, you could even using a sliding
window timeout on this role information -- causing you to automatically
invalidate and then repopulate the cookie with the database stored role
mappings after a specified period of time.

The thing you need to careful of, naturally, is to ensure that clients can't
maliciously manipulate the client-side cookie contents between round-trips.
You can do this in one of two ways:

1) Using the System.Security.Cyptography APIs to manually encrypt/decrypt
the cookie content

2) Utilize the built in "UserData" property exposed on the
CookieAuthenticationTicket class (which is in turn exposed off of the
CookieIdentity class which User.Identity is an instance of when forms based
authentication is enabled). The "UserData" property allows you to get/set a
string (in whatever format you want). The forms based authentication system
will then automatically encrypt/decrypt its value for you.

Note that the IBuySpy News application will demonstrate how to do the above
when we finish building it and post it onto www.IBuySpy.com. Give me a
shout if you have problems implementing the above solution in the meantime,
however, and I'll see if I can build a simple sample to demonstrate.

Hope this helps,

- Scott

-----------------------------------------------------------
EMail: Click here to reveal e-mail address
My ASP.NET Sample Site: http://www.eraserver.net/scottgu

--
_______________________________________________________________
Anil John
Click here to reveal e-mail address [PGP Key Available]
Reply to this message...
 
    
Chuck (VIP)
Scott,
I'd be interested in seeing anything that allows you to set the cookie
expiration or put something in the userdata area. I've put up half a dozen
posts on this and similar topics regarding cookie authentication and have
never gotten an answer (even on asngescalate).

At 06:02 PM 4/30/2001 -0700, you wrote:
[Original message clipped]
Reply to this message...
 
 
System.Security.Principal.GenericPrincipal




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification