Application_AuthenticateRequest

Discussion in 'ASP .Net Security' started by dave, Nov 19, 2003.

  1. dave

    dave Guest

    I have code in the Global.asax that adds roles to a logged in user, which
    all works fine.

    But, i noticed that every request for a page thereafter runs this code each
    time - which requires a call to the DB, which is costly.

    I have tried to run this same piece of code from another page, instead of
    global.asax, but it never seems to be able to assign the roles to that
    current user?

    Is there something different i have to do in order to make it work elsewhere
    (ie, not within global.asax file).

    Thanks in advance!
    dave, Nov 19, 2003
    #1
    1. Advertising

  2. dave

    Cy Huckaba Guest

    You could leave it in the global.asax page and put a conditional check in the
    logic...for example.

    If roles aren't set
    call db
    set roles

    else
    do nothing

    end if

    We have implemented some code like that for custom form authentication tickets.

    Hope that helps,

    Cy Huckaba



    "dave" <> wrote in message
    news:#NU$...
    > I have code in the Global.asax that adds roles to a logged in user, which
    > all works fine.
    >
    > But, i noticed that every request for a page thereafter runs this code each
    > time - which requires a call to the DB, which is costly.
    >
    > I have tried to run this same piece of code from another page, instead of
    > global.asax, but it never seems to be able to assign the roles to that
    > current user?
    >
    > Is there something different i have to do in order to make it work elsewhere
    > (ie, not within global.asax file).
    >
    > Thanks in advance!
    >
    >
    Cy Huckaba, Nov 19, 2003
    #2
    1. Advertising

  3. dave

    dave Guest

    Thanks

    Did think about that one, but how do you check if a set of role(s) have been
    set for a user?

    Finally, do you know if it is the case that you cant set them anywhere else
    apart from global.asax file. I have seen some samples that dont seem to be
    in global, but those dont seem to work for me either???

    Thanks again.



    "Cy Huckaba" <> wrote in message
    news:...
    > You could leave it in the global.asax page and put a conditional check in

    the
    > logic...for example.
    >
    > If roles aren't set
    > call db
    > set roles
    >
    > else
    > do nothing
    >
    > end if
    >
    > We have implemented some code like that for custom form authentication

    tickets.
    >
    > Hope that helps,
    >
    > Cy Huckaba
    >
    >
    >
    > "dave" <> wrote in message
    > news:#NU$...
    > > I have code in the Global.asax that adds roles to a logged in user,

    which
    > > all works fine.
    > >
    > > But, i noticed that every request for a page thereafter runs this code

    each
    > > time - which requires a call to the DB, which is costly.
    > >
    > > I have tried to run this same piece of code from another page, instead

    of
    > > global.asax, but it never seems to be able to assign the roles to that
    > > current user?
    > >
    > > Is there something different i have to do in order to make it work

    elsewhere
    > > (ie, not within global.asax file).
    > >
    > > Thanks in advance!
    > >
    > >

    >
    >
    dave, Nov 19, 2003
    #3
  4. dave

    Guest Guest

    Do you want this to only happen the first time period that
    the user ever logs in or do you want this to happen every
    time the user starts a new session?

    What about putting your code into the Session_Start in the
    Global.asax (I don't know where you have it now)? And if
    you only want to do it once period, then check first if it
    has already been done before doing it... Either way, it
    would only occur once per user per login so hopefully not
    so bad...



    >-----Original Message-----
    >I have code in the Global.asax that adds roles to a

    logged in user, which
    >all works fine.
    >
    >But, i noticed that every request for a page thereafter

    runs this code each
    >time - which requires a call to the DB, which is costly.
    >
    >I have tried to run this same piece of code from another

    page, instead of
    >global.asax, but it never seems to be able to assign the

    roles to that
    >current user?
    >
    >Is there something different i have to do in order to

    make it work elsewhere
    >(ie, not within global.asax file).
    >
    >Thanks in advance!
    >
    >
    >.
    >
    Guest, Nov 20, 2003
    #4
  5. dave

    Cy Huckaba Guest

    Here is some code that we used to reset a cookie in the authenticateRequest
    method. This was a workaround because 1.0 wouldn't persist cookies across
    subwebs. We had to reset the cookie on every request if they already had one.

    Dim hasClientCookie As Boolean = False

    'client cookie
    Try
    Dim c As HttpCookie
    c = Request.Cookies(ConfigurationSettings.AppSettings("clientid"))
    'if cookie is not there it will bomb out and skip the rest

    c.Path = "/" & ConfigurationSettings.AppSettings("clientid")
    c.Expires = Now.AddDays(90)
    Response.Cookies.Add(c)

    FormsAuthentication.SetAuthCookie(User.Identity.Name, True)

    hasClientCookie = True

    'Response.Write(" : client cookie")

    Catch
    'do nothing
    End Try


    You can see we had access to the User object. I belive you can use that to
    create an IPrincipal object and check roles. I haven't done this specifically
    here so I don't know for sure.

    The other thing is that I did try to use this same functionality outside of the
    global.asax file with no luck as well. It seemed I always had trouble getting a
    reference to the current user or the current http context...it was always
    something.




    "dave" <> wrote in message
    news:...
    > Thanks
    >
    > Did think about that one, but how do you check if a set of role(s) have been
    > set for a user?
    >
    > Finally, do you know if it is the case that you cant set them anywhere else
    > apart from global.asax file. I have seen some samples that dont seem to be
    > in global, but those dont seem to work for me either???
    >
    > Thanks again.
    >
    >
    >
    > "Cy Huckaba" <> wrote in message
    > news:...
    > > You could leave it in the global.asax page and put a conditional check in

    > the
    > > logic...for example.
    > >
    > > If roles aren't set
    > > call db
    > > set roles
    > >
    > > else
    > > do nothing
    > >
    > > end if
    > >
    > > We have implemented some code like that for custom form authentication

    > tickets.
    > >
    > > Hope that helps,
    > >
    > > Cy Huckaba
    > >
    > >
    > >
    > > "dave" <> wrote in message
    > > news:#NU$...
    > > > I have code in the Global.asax that adds roles to a logged in user,

    > which
    > > > all works fine.
    > > >
    > > > But, i noticed that every request for a page thereafter runs this code

    > each
    > > > time - which requires a call to the DB, which is costly.
    > > >
    > > > I have tried to run this same piece of code from another page, instead

    > of
    > > > global.asax, but it never seems to be able to assign the roles to that
    > > > current user?
    > > >
    > > > Is there something different i have to do in order to make it work

    > elsewhere
    > > > (ie, not within global.asax file).
    > > >
    > > > Thanks in advance!
    > > >
    > > >

    > >
    > >

    >
    >
    Cy Huckaba, Nov 20, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Kingscott
    Replies:
    0
    Views:
    481
    Mike Kingscott
    Jun 30, 2003
  2. Nugs

    Application_AuthenticateRequest

    Nugs, Apr 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    1,213
  3. =?Utf-8?B?ZGFubWFuMjI2?=

    Application_AuthenticateRequest cannot read Session variable

    =?Utf-8?B?ZGFubWFuMjI2?=, Apr 18, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    12,454
    Brock Allen
    Apr 18, 2005
  4. Alessio Brizi

    Application_AuthenticateRequest Problem

    Alessio Brizi, Jul 8, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    592
    Alessio Brizi
    Jul 8, 2005
  5. =?Utf-8?B?dGhlIGZyaWVuZGx5IGRpc3BsYXkgbmFtZQ==?=

    When does Application_AuthenticateRequest fires?

    =?Utf-8?B?dGhlIGZyaWVuZGx5IGRpc3BsYXkgbmFtZQ==?=, Dec 22, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    10,681
    Brock Allen
    Dec 22, 2005
Loading...

Share This Page