Hi there,

Getting into ASP.Net finally, looks good but I'm having a bit of
trouble here. I'm protecting my web site via form-based security (I
won't go into the ins and outs, suffice to say it's all in one
web.config file and not amazing). Basically, I'm holding a list of
roles in a database for each user. Once the user has got past the
login form, the Application_AuthenticateRequest fires. In there, I'm
doing a database lookup on the user and then creating a
GenericPrincipal using the User's Identity and the array of roles.
It's great, it works, cool.

UNFORTUNATELY, IT RUNS EVERY TIME THE PAGE IS LOADED. So that's a
database lookup every time a page is requested - not good enough. I
can't even store the array of roles in a Session variable because you
don't get access to the session variable in
Application_AuthenticateRequest , doh!

I wish to keep my roles in the db, and I don't want to keep a list of
users and passwords in the web.config file, or read them out of an XML
file ('cos that would be the same problem).

Any suggestions?

Kind regards,

Mike Kingscott