By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
444,190 Members | 1,503 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 444,190 IT Pros & Developers. It's quick & easy.

Form-based security and Application_AuthenticateRequest - help?!

P: n/a
Hi there,

Getting into ASP.Net finally, looks good but I'm having a bit of
trouble here. I'm protecting my web site via form-based security (I
won't go into the ins and outs, suffice to say it's all in one
web.config file and not amazing). Basically, I'm holding a list of
roles in a database for each user. Once the user has got past the
login form, the Application_AuthenticateRequest fires. In there, I'm
doing a database lookup on the user and then creating a
GenericPrincipal using the User's Identity and the array of roles.
It's great, it works, cool.

database lookup every time a page is requested - not good enough. I
can't even store the array of roles in a Session variable because you
don't get access to the session variable in
Application_AuthenticateRequest , doh!

I wish to keep my roles in the db, and I don't want to keep a list of
users and passwords in the web.config file, or read them out of an XML
file ('cos that would be the same problem).

Any suggestions?

Kind regards,

Mike Kingscott
Nov 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.