Ask a Question related to ASP.NET Security, Design and Development.
-
AndiV #1
Need help improving authorization
I don't have a response in framework.aspnet, maybe this one is a more
appropriate group.
= = = = = = = = = = = = = = = = == = = = = = == = = = = = = = = = = = = = =
= = =
Each of my intranet pages (windows authentication) needs to validate user's
roles stored in the database. Currently, I retrieve the
User.Identity.Name property, then query the database for user's roles
every time a page is loaded, which is very inefficient.
I think a more efficient approach would be to query the database only once
for each user, the application_start event is probably the best place? Once
this particular user's roles are retrieved, the roles can be concatenated as
a delimited string and stored in cookie or a session variable. Then on each
page load event, I just have to parse the roles string to apply
authorization.
I believe this scheme will work. But it seems more like a hack than a design
pattern or a best practice. I'm seeking a .NET elegant solution. Please
advise.
TIA,
Andi
AndiV Guest
-
Joe Kaplan (MVP - ADSI) #2
Re: Need help improving authorization
The basic ideas are that you want to cache the role data, either in a cookie
(which is what a lot of the forms auth samples show), Session or Cache.
With a cookie, you need to make sure you encrypt or use an HMAC to ensure
that the values are not tampered with.
All three approaches work fine and have their good points and bad points as
with any user state persistence requirement.
Joe K.
"Shaun" <Shaun@discussions.microsoft.com> wrote in message
news:F571DD66-4B6A-4151-8E7F-4B273F0F1724@microsoft.com...
> There are a few pages out there with methods for this, the one I used is
> http://www.dotnet247.com/247reference/msgs/14/72098.aspx (you can find
> vb.net and c# versions, although changing the code is not difficult).
>
> Once you've used the code you find there you can check the roles using the
> IsInRole method.
>
> Hope this helps.
>
> --------------------------
> Shaun Venus
>
> emailid: sunevnuahs
> domain: hotmail.com
> --------------------------
Joe Kaplan (MVP - ADSI) Guest
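An added example of the HMAC option mentioned in the reply above, not code from the thread or from the linked sample: it builds and validates a role-cache cookie value that is bound to the Windows account name and carries an expiry. The names `RoleCookie`, `Protect` and `TryUnprotect` are hypothetical; it assumes role names contain no `,` or `|` and that `key` is a random secret kept only on the server.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class RoleCookie
{
    // Cookie value: base64("user|expiryTicks|role1,role2") + "." + base64(HMAC-SHA256 of the first part)
    public static string Protect(string user, string[] roles, DateTime expiresUtc, byte[] key)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
            user + "|" + expiresUtc.Ticks + "|" + string.Join(",", roles)));
        return payload + "." + Convert.ToBase64String(Mac(payload, key));
    }

    // Returns false (and an empty role list) on tampering, user mismatch or expiry.
    public static bool TryUnprotect(string cookie, string currentUser, byte[] key, out string[] roles)
    {
        roles = new string[0];
        string[] parts = (cookie ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] sentMac;
        try { sentMac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        if (!FixedTimeEquals(sentMac, Mac(parts[0], key))) return false;

        // The MAC checked out, so the payload is one this server issued and is safe to parse.
        string[] fields = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0])).Split('|');
        long ticks;
        if (fields.Length != 3 || !long.TryParse(fields[1], out ticks)) return false;
        if (ticks < DateTime.UtcNow.Ticks) return false;              // stale: re-query the database
        if (!string.Equals(fields[0], currentUser, StringComparison.OrdinalIgnoreCase))
            return false;                                             // issued to a different account
        roles = fields[2].Length == 0 ? new string[0] : fields[2].Split(',');
        return true;
    }

    private static byte[] Mac(string payload, byte[] key)
    {
        using (HMACSHA256 hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Call `Protect` once after the database lookup and `TryUnprotect` on each request with `User.Identity.Name`; when it returns false, fall back to the database and reissue the cookie. An HMAC only prevents modification, so the role names remain readable by the client.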
-
AndiV #3
Re: Need help improving authorization
Thanks for your help, Shaun and Joe.
AndiV Guest




