473,412 Members | 4,594 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > is the httpcontext.current.user content encrypted with session state??

Join Bytes to post your question to a community of 473,412 software developers and data experts.

is the HTTPCONTEXT.current.user content encrypted with session state??

hi all
I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be load
rights for the current user alone with the roles. now I wonder if the USER
object be encrypted and send to the client?

what I my concern is when the roles and rights become large, it will effect
the performance.


Nov 19 '05 #1
5 2543
Session state is not sent to the client - only a cookie is sent to the client
with a session identifier. The server can examine the ID in the cookie and
look up the session state when a request arrives.

--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.

Nov 19 '05 #2
HTTPCONTEXT is not part of the session state. I mean the _viewstate that is
hidden in the html to the client.
"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.


Nov 19 '05 #3
When you use Windows Authentication, there is no user information persisted
within the viewstate.
"Kevin Yu" <ky*@nrcan.gc.ca> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
HTTPCONTEXT is not part of the session state. I mean the _viewstate that is hidden in the html to the client.
"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.



Nov 19 '05 #4
I apologize - I don't know why I thought you were talking about session state,
but as David points out - there is no user information in viewstate with
windows auth. Google for "viewstate decoder" and you can find a little utility
to poke through the contents of the viewstate.

--
Scott
http://www.OdeToCode.com/blogs/scott/
HTTPCONTEXT is not part of the session state. I mean the _viewstate
that is hidden in the html to the client.

"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to
the
client with a session identifier. The server can examine the ID in
the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in
a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if
the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.

Nov 19 '05 #5
sorry, I mean the viewstate, of course the session state will not be
transfered to the client.
but is httpcontext.current.user content in the _VIEWSTATE string in the
html??

"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.


Nov 19 '05 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
How to test for HttpContext.Current.Session variable
by: moondaddy | last post by:
I need to set a variable to a session variable (if that's what you call it) like this: dim ds as dataset = HttpContext.Current.Session("CustDataSet") But I get an exception if this variable...
ASP.NET
4
HTTPContext in Threading
by: Makarand Keer | last post by:
Hi All I have problem in using Threading. I have ASP.NET application in which I am using multithreading to start a process. Now the object instances which are used in this thread access...
ASP.NET
15
Session vars vs. HttpContext.Current.User
by: Jason | last post by:
Currently, I am storing information about the currently logged on user in Session variables that are stored in SQL. However, I am using role-based security, so I am storing custom roles in a...
ASP.NET
7
ASP.Net hell -> HttpContext.Items
by: Keith Patrick | last post by:
After completely giving up on finding some way in my ASP.Net app to take a query string URL and redirect to it as a POST instead, I went with a system like so: Upon "redirection," all the...
ASP.NET
3
What is HttpContext State?
by: ad | last post by:
I find a line in a Web application like: myString=(string)HttpContext.Current.Items; I used to use myString=(string)Application; or myString=(string)ViewState; I know about the difference...
ASP.NET
3
HttpContext.Current.User doesn't persist in child app
by: John Dalberg | last post by:
I am setting the HttpContext.Current.User in the Application_AuthenticateRequest event in global.asax.cs. When I use the IsInRole function in a web page, it works fine. So far so good. (Note that...
ASP.NET
9
customize the httpcontext.current.user
by: Victor | last post by:
Hi all Does anyone has any reference or examples about how to customize the httpcontext.current.user object to my own user object? Cheers Victor
ASP.NET
8
HttpContext.Current.Session is null
by: eric | last post by:
I have a 2.0 asp.net project. In a class contained within a seperate project, I am trying to reference HttpContext.Current.Session but Session is always null. I've tried implementing...
ASP.NET
14
HttpContext.Current.Session==null in .cs file
by: R.A.M. | last post by:
Hello, I have created ASP.NET project in which I have a file Admin.cs. It contains static class Admin with some methods and properties. The problem is that in property get a reference...
ASP.NET
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!