Thanks Joe for help

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OjCSHM2FEHA.2560@TK2MSFTNGP12.phx.gbl...
> Making the cache work like the session is pretty easy by simply creating
> cache keys that include the user name. So, instead of doing:
> Session["Roles"]
> you do something like (not exact syntax):
> Cache[username + "Roles"]
>
> Then, you just clear the objects in the Session_End event if you want them
> cleared. You really don't have to give up on the cache in your scenario.
> However, the cookie approach works too.
>
> Joe K.
>
> "A.M" <IHateSpam@sapm123.com> wrote in message
> news:eI7q4B1FEHA.1240@TK2MSFTNGP10.phx.gbl...
> > The reason that I can't use cache is I need role information for any
> single
> > session because different users in different sessions have different
> roles.
> > If I want to use cache then the index could be session id and also I
have
> to
> > delete item from cache inside session_end event. It probably works but I
> am
> > looking for more automated way for rest of my projects.
> >
> > Thanks,
> > Ali
> >
> >
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
wrote
> > in message news:O71K$ezFEHA.264@TK2MSFTNGP12.phx.gbl...
> > > Just out of curiosity, why can't you use the cache?
> > >
> > > I say this because I've used the technique of looking up roles from
SQL
> in
> > > AuthenticateRequest and had good luck caching the results for later
use.
> > >
> > > Another option with the cookie would be to encrypt it so the user
cannot
> > > interpret it and make it a session-only (non-persisted cookie) so that
> it
> > > would be updated frequently. Then, you only take the perf. hit on
> session
> > > start up. This basic technique shows up in many of the examples.
> > >
> > > Joe K.
> > >
> > > "A.M" <IHateSpam@sapm123.com> wrote in message
> > > news:ep5e8KzFEHA.1128@TK2MSFTNGP11.phx.gbl...
> > > > Thanks Joe for reply.
> > > >
> > > > Now I know I can't use cache to store user's role.
> > > >
> > > > I have my role definition in sql database. I am trying my best to
> avoid
> > > > query database in Application_AuthenticateRequest.
> > > > At this point, I am using user data in authentication ticket but i
> > don't
> > > > like the fact that user role information is being stored at client's
> > > cookie
> > > > storage. beside that if client chooses to persist the cookie, then
the
> > > role
> > > > definition might change in time.
> > > >
> > > > I tried to use session object, Nice try but it doen't work becuse i
> > can't
> > > > use session object Application_AuthenticateRequest.
> > > >
> > > > Do you have any alternative for querying database and and using user
> > data
> > > in
> > > > authentication ticket ?
> > > >
> > > > Thanks,
> > > > Ali
> > > >
> > > >
> > > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
> > wrote
> > > > in message news:eTHgHztFEHA.3856@TK2MSFTNGP12.phx.gbl...
> > > > > The cache is application scope, so you need to share it with all
> > > > concurrent
> > > > > users. This is generally easy to do with cache keys that include
> the
> > a
> > > > > unique identifier for the user.
> > > > >
> > > > > The cache can last as long as you want, depending on the
expiration
> > info
> > > > you
> > > > > provide when you put something in the cache.
> > > > >
> > > > > One thing the cache can't do is out of process or SQL-based state
> > > > > persistence. Those features of session state give you the ability
> to
> > > > share
> > > > > state between multiple load-balanced servers and survive work
> process
> > > > > restarts since the state is persisted externally.
> > > > >
> > > > > A lot of the time, the cache will do what you want and is faster,
> but
> > it
> > > > > depends. There are lots of good articles around that discuss the
> > > various
> > > > > ASP.NET state management options.
> > > > >
> > > > > Joe K.
> > > > >
> > > > > "A.M" <IHateSpam@sapm123.com> wrote in message
> > > > > news:ubgH2rlFEHA.3132@TK2MSFTNGP12.phx.gbl...
> > > > > > Thank you for reply.
> > > > > >
> > > > > > Is the Cache's scope at application level or session level ?
Does
> it
> > > > keep
> > > > > > data for all session long? If it is so, generally why would I
use
> > > > Session
> > > > > > object if i have Cache object?
> > > > > >
> > > > > > Thanks
> > > > > > Ali
> > > > > >
> > > > > > "[MSFT]" <lukezhan@online.microsoft.com> wrote in message
> > > > > > news:zuH0$DjFEHA.3568@cpmsftngxa06.phx.gbl...
> > > > > > > Hi Ali,
> > > > > > >
> > > > > > > AuthenticateRequest event is raised right after a user has
been
> > > > > > > authenticated but still has not been authorized meaning that
> > > > aplication
> > > > > > has
> > > > > > > not decided on the areas that this user can have access to.
And
> > this
> > > > > > stage,
> > > > > > > application hasn't acquired the state also. So there is no
> session
> > > > state
> > > > > > at
> > > > > > > this point. You can use the Cache object as Joe suggest.
> > > > > > >
> > > > > > > Regards,
> > > > > > >
> > > > > > > Luke
> > > > > > > Microsoft Online Support
> > > > > > >
> > > > > > > Get Secure! [url]www.microsoft.com/security[/url]
> > > > > > > (This posting is provided "AS IS", with no warranties, and
> confers
> > > no
> > > > > > > rights.)
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>