Custom RoleProvider question -- saving roles

B

Burak Gunay

Hello,

I derived a custom provider from the provider class. I then set

cookieless="UseUri"

in the web.config, because we don't want data stored on client
machines.

Everytime a page with an <asp:loginview> is called, the Role Provider
page
gets called and the database gets queried.

I tried to save the roles() as a session variable in the Role Provider
page but since that page is a vb class, it does not recognize the
Session class.

How can we save the roles() info so that we don't have to hit the
database
each time to figure out the roles assigned to a user?

Thanks,

Burak
 
D

Dominick Baier [DevelopMentor]

Uri does not support caching.

but you don't store anything on the clients machine when you use cookies
- just don't set the persist attribute to true (false is the default)
 
B

Burak Gunay

Dominick,

I set the authentication to use cookies in web.config as follows

<forms name=".ASPXAUTH"
loginUrl="LoginPage.aspx"
timeout="30"
cookieless="UseCookies">

it still went into GetRolesForUser function in each page that has a
loginview in it. Meaning it was not storing the roles info anywhere..
it had to hit the database to get it each time.

Any other ideas?

Thanks,

Burak
 
D

Dominick Baier [DevelopMentor]

roles are cached in a cookie called .aspxroles by default - the caching and
persistence settings are in <roleManager>

the <forms> settings configures how the authentication ticket state is maintained.

these are two distinct cookies in this case.
 
M

MikeS

since that page is a vb class, it does not recognize the Session class

HttpContext.Current.Session does not work for you?
 
B

Burak Gunay

Dominick,

I changed the web.config as follows

<roleManager defaultProvider="MyRoleProvider" enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPXROLES"
cookiePath="/"
cookieTimeout="30"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
createPersistentCookie="false"
cookieProtection="All">

and you are right, it did not hit the database again, it just used the
data in the cookie.

If this cookie is not being written/stored on the user's machine, then
where is it being stored?

Thanks,

Burak
 
D

Dominick Baier [DevelopMentor]

it is cached in the memory of the browser - and will be gone when the user
closes the browser window.

I would not use slidingExpiration here - this guarantees the you get updated
role information every 30 min.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top