Passing UserGUID to the Custom Role Provider
in [ASP .NET]
|
Prev: Visual Studio 2010 puts 4.0 classes into 3.5 ASP.NET project
Next: How to do an ASP.NET solution with client-side tabbed functionalit
From: Temoc on 21 Jun 2010 20:11 I am implementing a Custom Membership and Role Provider against SQL Database using Visual Studio 2010. Most of the data on the website is associated with the UserGUID rather than the UserName. On the membership provider I am storing the userGUID as follows: HttpContext.Current.Session.Add("UserGuid",System.Convert.ToString(reader["UserGuid"])); I can easily access this value on any of web pages However on my Custom Role Provider the HttpContext.Current.Session is null. Question 1 Where do I store the UserGUID on my membership provider so I access it on my Role Provider? Question 2 I would like also to cache the roles for the logged user so that GetRolesForUser(string username) won't have to be accessing the database every time the user changes pages instead I would read it from cache if available. Where would be a secure place to store these values? Thanks for the help
From: Mr. Arnold on 21 Jun 2010 21:05
Temoc wrote: > I am implementing a Custom Membership and Role Provider against SQL Database > using Visual Studio 2010. > Most of the data on the website is associated with the UserGUID rather than > the UserName. On the membership provider I am storing the userGUID as > follows: > HttpContext.Current.Session.Add("UserGuid",System.Convert.ToString(reader["UserGuid"])); > I can easily access this value on any of web pages However on my Custom Role > Provider the HttpContext.Current.Session is null. > Question 1 > Where do I store the UserGUID on my membership provider so I access it on > my Role Provider? > Question 2 > I would like also to cache the roles for the logged user so that > GetRolesForUser(string username) won't have to be accessing the database > every time the user changes pages instead I would read it from cache if > available. Where would be a secure place to store these values? You would cache the information on a back-end application Web server, and you would retrieve the information using a Web service. The Web service would read cache first (cache on a timer) and if null for the user, the service would go back to the database and persist it back to cache on the back-end application Web server. As far as the GUID what's wrong in passing it as a parm on the URL to every page on a Response Redirect to the page? |