By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,963 Members | 1,046 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,963 IT Pros & Developers. It's quick & easy.

is the HTTPCONTEXT.current.user content encrypted with session state??

P: n/a
hi all
I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be load
rights for the current user alone with the roles. now I wonder if the USER
object be encrypted and send to the client?

what I my concern is when the roles and rights become large, it will effect
the performance.


Nov 19 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Session state is not sent to the client - only a cookie is sent to the client
with a session identifier. The server can examine the ID in the cookie and
look up the session state when a request arrives.

--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.

Nov 19 '05 #2

P: n/a
HTTPCONTEXT is not part of the session state. I mean the _viewstate that is
hidden in the html to the client.
"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.


Nov 19 '05 #3

P: n/a
When you use Windows Authentication, there is no user information persisted
within the viewstate.
"Kevin Yu" <ky*@nrcan.gc.ca> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
HTTPCONTEXT is not part of the session state. I mean the _viewstate that is hidden in the html to the client.
"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.



Nov 19 '05 #4

P: n/a
I apologize - I don't know why I thought you were talking about session state,
but as David points out - there is no user information in viewstate with
windows auth. Google for "viewstate decoder" and you can find a little utility
to poke through the contents of the viewstate.

--
Scott
http://www.OdeToCode.com/blogs/scott/
HTTPCONTEXT is not part of the session state. I mean the _viewstate
that is hidden in the html to the client.

"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to
the
client with a session identifier. The server can examine the ID in
the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in
a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if
the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.

Nov 19 '05 #5

P: n/a
sorry, I mean the viewstate, of course the session state will not be
transfered to the client.
but is httpcontext.current.user content in the _VIEWSTATE string in the
html??

"Scott Allen" <sc***@nospam.OdeToCode.com> wrote in message
news:53*********************@msnews.microsoft.com. ..
Session state is not sent to the client - only a cookie is sent to the
client with a session identifier. The server can examine the ID in the
cookie and look up the session state when a request arrives.
--
Scott
http://www.OdeToCode.com/blogs/scott/
hi all

I use a custom windows principal to the httpcontext.current.user in a
windows authenitcation asp.net app. There are other objects added to
the
principal. during the
WindowsAuthentication_OnAuthenticate() call, the principal will be
load
rights for the current user alone with the roles. now I wonder if the
USER
object be encrypted and send to the client?
what I my concern is when the roles and rights become large, it will
effect the performance.


Nov 19 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.