How can I save the specific session value required in Application_AuthenticateRequest?

We have a very large web application with many pages. These pages require that we know the role of the user in order to properly display the content. So, in Application_AuthenticateRequest we have this code:

    var id = new GenericIdentity(Request.Headers["ceid"]);
    var rp = new MyRoleProvider();
    var principal = new GenericPrincipal(id, rp.GetRolesForUser(id.Name));
    Context.User = principal;

The problem is that we need to use the web service to get the roles, and since this call is made every time every user visits the page, the web service gets called too many times.

An ideal solution would be if we could store the roles in a session variable, however the session is not available in Application_AuthenticateRequest. We considered storing a dictionary with entries for all users in an application variable, but I hope that we can find a better solution.

Is it possible to somehow save the current user roles so that they are accessible inside the Application_AuthenticateRequest? We are very conscious of safety; would a cookie be a valid option?

+4
1 answer

( ): ID , -. .

( ), (20 ).

:

    using System;
    using System.Collections.Generic;

    /// <summary>
    /// This is the static class that will hold the roles for all active users (active users 
    /// are those that have been using the website within the last 20 minutes).
    /// </summary>
    public static class MyRoles
    {
        /// <summary>
        /// This class holds your roles
        /// </summary>
        private class Principal
        {
            private DateTime lastAccess; // Our expiration timer
            private System.Security.Principal.GenericPrincipal principal; // Our roles

            public Principal(System.Security.Principal.GenericPrincipal principal)
            {
                this.principal = principal;
                this.lastAccess = DateTime.Now;
            }

            public System.Security.Principal.GenericPrincipal GenericPrincipal
            {
                get
                { 
                    // We reset our timer. It will expire 20 minutes from now. 
                    this.lastAccess = DateTime.Now;

                    return principal;
                }
            }                                

            /// <summary>
            /// This tells us if a user has been active in the last 20 minutes
            /// </summary>
            public bool IsValid
            {
                get
                {
                    // Valid within 20 minutes from last call
                    return DateTime.Now <= this.lastAccess.AddMinutes(20);                        
                }
            }
        }

        /// <summary>
        /// This will hold IDs and related roles
        /// </summary>
        private static Dictionary<string, Principal> ids = new Dictionary<string, Principal>();

        /// <summary>
        /// Method to retrieve roles for a given ID
        /// </summary>
        /// <param name="header">Our ID</param>
        /// <returns></returns>
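        public static System.Security.Principal.GenericPrincipal GetRoles(string header)
        {
            // Dictionary<TKey, TValue> is not thread-safe and requests run concurrently,
            // so every access to the shared cache is serialized on the dictionary itself.
            lock (ids)
            {
                Principal cached;
                if (ids.TryGetValue(header, out cached) && cached.IsValid)
                {
                    // We have roles for this ID
                    return cached.GenericPrincipal;
                }
            }

            // We don't have this ID (or it expired) so get it from the web service.
            // The call is made outside the lock so one slow lookup does not block other users.
            var id = new System.Security.Principal.GenericIdentity(header);
            var principal = new System.Security.Principal.GenericPrincipal(id, new MyRoleProvider().GetRolesForUser(id.Name));

            lock (ids)
            {
                // Store roles. The indexer overwrites an expired entry; Add() would throw
                // ArgumentException because the expired key is still in the dictionary.
                ids[header] = new Principal(principal);
            }

            return principal;
        }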
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // This is how we use our class
        var principal = MyRoles.GetRoles(Request.Headers["ceid"]);

        // Attach the principal to the request, as the code in the question does
        Context.User = principal;
    }

, , GenericPrincipal. , , ( ) Session.

20 Session_End, , ( InProc).

, , , . (2 -), .

, . , , , , :)

+1
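A variant of the cache in the answer above, as an added example that is not part of the original answer: it uses `System.Runtime.Caching.MemoryCache` (needs a reference to the System.Runtime.Caching assembly), which is thread-safe and evicts idle entries on its own, and it also caps the total age of an entry so a role removed in the back end does not stay cached for a user who never goes idle. `RoleCache`, `GetPrincipal`, the `lookupRoles` delegate and the two-hour `MaxAge` are assumptions made for this example.

```csharp
using System;
using System.Runtime.Caching;
using System.Security.Principal;

// Added example, not the answerer's code. RoleCache and lookupRoles are hypothetical
// names; pass new MyRoleProvider().GetRolesForUser from the page as lookupRoles.
public static class RoleCache
{
    private static readonly MemoryCache Cache = new MemoryCache("roles");

    // Assumed values: 20 minutes idle matches the answer; MaxAge bounds how long a
    // revoked role stays usable by a user who keeps sending requests.
    private static readonly TimeSpan Idle = TimeSpan.FromMinutes(20);
    private static readonly TimeSpan MaxAge = TimeSpan.FromHours(2);

    private sealed class Entry
    {
        public GenericPrincipal Principal;
        public DateTime FetchedUtc;
    }

    public static GenericPrincipal GetPrincipal(string userId, Func<string, string[]> lookupRoles)
    {
        if (string.IsNullOrWhiteSpace(userId))
            return null; // no identity header: the caller leaves the request anonymous

        var entry = Cache.Get(userId) as Entry;
        if (entry != null && DateTime.UtcNow - entry.FetchedUtc < MaxAge)
            return entry.Principal;

        // Miss, idle timeout, or max age reached: ask the web service again.
        var principal = new GenericPrincipal(new GenericIdentity(userId), lookupRoles(userId));
        entry = new Entry { Principal = principal, FetchedUtc = DateTime.UtcNow };

        // Set() overwrites an existing entry, so a refresh never throws on a duplicate key.
        // MemoryCache rejects a policy with both sliding and absolute expiration,
        // which is why the max age is tracked in the entry itself.
        Cache.Set(userId, entry, new CacheItemPolicy { SlidingExpiration = Idle });
        return principal;
    }
}

// In Application_AuthenticateRequest:
//   var p = RoleCache.GetPrincipal(Request.Headers["ceid"], new MyRoleProvider().GetRolesForUser);
//   if (p != null) Context.User = p;
```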
