matt
hello,
i'm familiar w/ *forms* based authentication, and i have coded several
public-facing web sites that authenticate w/ a forms-based login page;
then get back an array of user roles, and from global.asax.cs's
Application_AuthenticateRequest() assign the roles to the
Security.Principal user.
now i am working on a *windows* based authentication webapp for an
intranet. all users use the windows network to login, and then they
bring up my webapp.
i've set up IIS & web.config, so i have no trouble grabbing their
User.Identity.Name (their windows login). cool. and since i am able to
use global.asax.cs's Application_AuthenticateRequest() i can retrieve
their db-stored roles and assign them to the Security.Principal user. cool.
the problem? "Application_AuthenticateRequest()" gets called on every
single page request, which means a hit to the database to get the
user's roles every single pageload. is this normal? (i can't remember if
that's how my prior forms-based webapps worked, too..) if it is normal,
what is the best practice -- deal w/ it? use the Session to cache the
user's roles?
here is my code:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    if (Request.IsAuthenticated)
    {
        System.Web.HttpContext context = System.Web.HttpContext.Current;
        string userName = context.User.Identity.Name; //format: DOMAIN\user.name
        //populate my app-user (gets roles from database)
        AppUser myUser = new AppUser(userName);
        //assign its roles to security model
        context.User = new System.Security.Principal.GenericPrincipal(
            User.Identity, myUser.Roles);
    }
}
thanks!
matt
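
An added example, not part of the original post: one way to avoid the per-request database hit is to cache roles keyed by the authenticated account name with a short absolute lifetime, so a role removed in the database stops being honoured once the entry expires. The RoleCache class, the loader delegate and the five-minute lifetime are assumptions made for illustration; the lambda stands in for the post's AppUser database lookup.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Principal;

// Hypothetical helper: per-user role cache with a bounded lifetime.
public sealed class RoleCache
{
    private sealed class Entry { public string[] Roles; public DateTime ExpiresUtc; }

    // Windows account names are case-insensitive, so the key comparison is too.
    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly Func<string, string[]> _loadRoles; // the database lookup
    private readonly TimeSpan _lifetime;                // upper bound on revocation delay
    private readonly Func<DateTime> _utcNow;            // injectable clock

    public RoleCache(Func<string, string[]> loadRoles, TimeSpan lifetime,
                     Func<DateTime> utcNow = null)
    {
        _loadRoles = loadRoles;
        _lifetime = lifetime;
        _utcNow = utcNow ?? (() => DateTime.UtcNow);
    }

    public string[] GetRoles(string userName)
    {
        DateTime now = _utcNow();
        Entry entry;
        if (_entries.TryGetValue(userName, out entry) && entry.ExpiresUtc > now)
            return entry.Roles;
        // Missing or expired: go back to the source of truth.
        entry = new Entry { Roles = _loadRoles(userName) ?? new string[0],
                            ExpiresUtc = now + _lifetime };
        _entries[userName] = entry;
        return entry.Roles;
    }

    // Call when an administrator changes a user's roles.
    public void Invalidate(string userName)
    {
        Entry removed;
        _entries.TryRemove(userName, out removed);
    }
}

public static class Demo
{
    public static void Main()
    {
        int dbHits = 0;
        DateTime clock = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed
        var cache = new RoleCache(name => { dbHits++; return new[] { "Reader" }; },
                                  TimeSpan.FromMinutes(5), () => clock);
        var identity = new GenericIdentity(@"DOMAIN\user.name"); // constructed sample user
        for (int i = 0; i < 3; i++) // three "page requests" inside the lifetime
            new GenericPrincipal(identity, cache.GetRoles(identity.Name));
        Console.WriteLine("lookups after 3 requests: " + dbHits);
        clock = clock.AddMinutes(6); // entry has now expired
        cache.GetRoles(identity.Name);
        Console.WriteLine("lookups after expiry: " + dbHits);
    }
}
```

Keying the cache by the authenticated name rather than by Session ties the lifetime of the cached roles to a fixed clock instead of to how long a browser session stays alive.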