D
David Thielen
Hi;
Well I have this mostly working now - limiting my ASP.NET app to only x
users when under WindowsIdentity.
I can't use HttpApplication.BeginRequest because if the user removes:
<httpModules>
<add type="FormattingHandler" name="FormattingHandler" />
</httpModules>
from Web.Config - then all my license checking goes away.
So I am using global.asax - Session_OnStart() and
Application_PostAuthenticateRequest().
In session start I track if the users can be added and put them in a
hashtable if they can. I also expire old ones there - also kill them in
Session_OnEnd().
Then in PostAuthenticateRequest I check to see if the user making the
request is in the hashtable. If not I do a HttpApplication.Response.Redirect
to my license error page.
This all works great EXCEPT for 1 big problem and 1 little problem:
BIG: I get the first PostAuthenticateRequest before I get the first
Session_OnStart. Why and what event should I sit on instead? This method only
does something if a user is not allowed in (very rare) so it can be late in
the event chain without being a performance hit.
little: I have to check this hashtable on each PostAuthenticateRequest and I
have to lock the access to it as other threads could be calling my app at the
same time. So this is a hit, more the lock than the hashtable lookup. Any
suggestions around this? There can be multiple threads both reading and
writing the hashtable at once.
--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
Well I have this mostly working now - limiting my ASP.NET app to only x
users when under WindowsIdentity.
I can't use HttpApplication.BeginRequest because if the user removes:
<httpModules>
<add type="FormattingHandler" name="FormattingHandler" />
</httpModules>
from Web.Config - then all my license checking goes away.
So I am using global.asax - Session_OnStart() and
Application_PostAuthenticateRequest().
In session start I track if the users can be added and put them in a
hashtable if they can. I also expire old ones there - also kill them in
Session_OnEnd().
Then in PostAuthenticateRequest I check to see if the user making the
request is in the hashtable. If not I do a HttpApplication.Response.Redirect
to my license error page.
This all works great EXCEPT for 1 big problem and 1 little problem:
BIG: I get the first PostAuthenticateRequest before I get the first
Session_OnStart. Why and what event should I sit on instead? This method only
does something if a user is not allowed in (very rare) so it can be late in
the event chain without being a performance hit.
little: I have to check this hashtable on each PostAuthenticateRequest and I
have to lock the access to it as other threads could be calling my app at the
same time. So this is a hit, more the lock than the hashtable lookup. Any
suggestions around this? There can be multiple threads both reading and
writing the hashtable at once.
--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm