The Principal and Identity objects are supposed to implement IsInRole so
that you can always have that information handy for each user.
===========================================
In my Principal class I have:
'Implements the IsInRole property defined by IPrincipal.
Public Function IsInRole(ByVal Role As String) As Boolean Implements
IPrincipal.IsInRole
Return mIdentity.IsInRole(Role)
End Function
===========================================
In my Identity class I have code like this (air code)
Private mRoles As New ArrayList
Friend Function IsInRole(ByVal role As String) As Boolean
Return mRoles.Contains(role)
End Function
'get user roles
dr = DAL.ExecuteReader(myDAO.GetRoles())
While dr.Read
mRoles.Add(dr.GetString(dr("role")))
End While
==============================
In Global.asax AcquireRequestState you attach your Principal to the thread
and you now have th Roles available through your User object. If you cast it
to your custom Principal object you have any other data you extracted that
is useful (like Name, UserID, etc.)
Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e As
System.EventArgs) Handles MyBase.AcquireRequestState
If Not Session("myPrincipal") Is Nothing Then
Thread.CurrentPrincipal = CType(Session("myPrincipal"),
MyCustomPrincipal)
HttpContext.Current.User = CType(Session("myPrincipal"),
MyCustomPrincipal)
Else
If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
Web.Security.FormsAuthentication.SignOut()
Server.Transfer(Request.ApplicationPath + "/Login.aspx")
End If
End If
End Sub
--
Joe Fallon
"AndiV" <an***@yahoo.com> wrote in message
news:ub**************@TK2MSFTNGP11.phx.gbl...
Each of my intranet page (windows authentication) needs to validate user's
roles stored in the database. Currently, I retrieve the the
User.Identity.Name property, then query the database for user's roles
everytime a page is loaded, which is very inefficient.
I think a more efficient approach would be to query the database only once
for each user, the application_start event is probably the best place?
Once this particular user's roles are retrieved, the roles can be concatenated
as a delimied string and stored in cookie or a session variable. Then on each
page load event, I just have to parse the roles string to apply
authorization.
I believe this scheme will work. But it seems more like a hack than a
design pattern or a best practice. I'm seeking a .NET elegant solution. Please
advise.
TIA,
Andi
