M
Mike Kingscott
Hi there,
Getting into ASP.Net finally, looks good but I'm having a bit of
trouble here. I'm protecting my web site via form-based security (I
won't go into the ins and outs, suffice to say it's all in one
web.config file and not amazing). Basically, I'm holding a list of
roles in a database for each user. Once the user has got past the
login form, the Application_AuthenticateRequest fires. In there, I'm
doing a database lookup on the user and then creating a
GenericPrincipal using the User's Identity and the array of roles.
It's great, it works, cool.
UNFORTUNATELY, IT RUNS EVERY TIME THE PAGE IS LOADED. So that's a
database lookup every time a page is requested - not good enough. I
can't even store the array of roles in a Session variable because you
don't get access to the session variable in
Application_AuthenticateRequest , doh!
I wish to keep my roles in the db, and I don't want to keep a list of
users and passwords in the web.config file, or read them out of an XML
file ('cos that would be the same problem).
Any suggestions?
Kind regards,
Mike Kingscott
Getting into ASP.Net finally, looks good but I'm having a bit of
trouble here. I'm protecting my web site via form-based security (I
won't go into the ins and outs, suffice to say it's all in one
web.config file and not amazing). Basically, I'm holding a list of
roles in a database for each user. Once the user has got past the
login form, the Application_AuthenticateRequest fires. In there, I'm
doing a database lookup on the user and then creating a
GenericPrincipal using the User's Identity and the array of roles.
It's great, it works, cool.
UNFORTUNATELY, IT RUNS EVERY TIME THE PAGE IS LOADED. So that's a
database lookup every time a page is requested - not good enough. I
can't even store the array of roles in a Session variable because you
don't get access to the session variable in
Application_AuthenticateRequest , doh!
I wish to keep my roles in the db, and I don't want to keep a list of
users and passwords in the web.config file, or read them out of an XML
file ('cos that would be the same problem).
Any suggestions?
Kind regards,
Mike Kingscott