ASP.NET Custom RoleProvider does not comply with cacheRolesInCookie = "true"

I implemented a custom role provider and configured it in my web.config file as follows:

    <roleManager enabled="true" defaultProvider="TDRoleProvider" cacheRolesInCookie="true">
      <providers>
        <clear/>
        <add name="TDRoleProvider" type="TDRoleProvider"/>
      </providers>
    </roleManager>

I have overridden the GetRolesForUser function in my custom role provider, stepped into it, and it works just fine: it loads 60 roles for the user I'm testing with. However, I noticed that GetRolesForUser is called on every request that calls User.IsInRole. In other applications that I wrote, it is called only once, and the result is then cached in a cookie. For some reason, caching does not work for this application. Any ideas as to why?

+6
cookies forms-authentication roleprovider
3 answers

http://connect.microsoft.com/VisualStudio/feedback/details/104688/rolemanager-cacherolesincookie-option-does-not-work

"The question of when to cache (or not cache) in RolePrincipal went through many iterations of the project, and we finally settled on caching for the method opened by the IPrincipal interface (i.e., IsInRole)."

+2

I had the same problem. In my case, the problem was that I was setting Context.User to a GenericPrincipal and not to a RolePrincipal. So instead of:

 this.Context.User = new GenericPrincipal(customIdentity, roles); 

this fixed it for me:

    HttpCookie roleCookie = this.Context.Request.Cookies[Roles.CookieName];
    if (IsValidAuthCookie(roleCookie))
    {
        this.Context.User = new RolePrincipal(customIdentity, roleCookie.Value);
    }
    else
    {
        this.Context.User = new RolePrincipal(customIdentity);
        var x = this.Context.User.IsInRole("Visitor"); // do this to cache the results in the cookie
    }

The IsValidAuthCookie method checks for null and empty:

    private static bool IsValidAuthCookie(HttpCookie authCookie)
    {
        return authCookie != null && !String.IsNullOrEmpty(authCookie.Value);
    }

UPDATE: after upgrading to MVC5 and .NET 4.5, the roleManager stops working (it does not save the roles in the cookie), so I had to save it myself:

    HttpCookie roleCookie = filterContext.HttpContext.Request.Cookies[Roles.CookieName];
    if (IsValidAuthCookie(roleCookie))
    {
        filterContext.Principal = new RolePrincipal(customIdentity, roleCookie.Value);
        RolePrincipal rp = (RolePrincipal)filterContext.Principal;
        // check if roles loaded properly (if it loads an old cookie from
        // another user, for example, roles won't be loaded/cached)
        if (!rp.IsRoleListCached)
        {
            // roles not loaded. Delete and save new
            Roles.DeleteCookie();
            rp.IsInRole("Visitor"); // load Roles
            SaveRoleCookie(rp, filterContext);
        }
    }
    else
    {
        filterContext.Principal = new RolePrincipal(customIdentity);
        filterContext.Principal.IsInRole("Visitor"); // do this to cache the results in the cookie
        SaveRoleCookie(filterContext.Principal as RolePrincipal, filterContext);
    }

Save Role

    private void SaveRoleCookie(RolePrincipal rp, AuthenticationContext filterContext)
    {
        string s = rp.ToEncryptedTicket();
        const int MAX_COOKIE_LENGTH = 4096;
        if (string.IsNullOrEmpty(s) || s.Length > MAX_COOKIE_LENGTH)
        {
            Roles.DeleteCookie();
        }
        else
        {
            HttpCookie cookie = new HttpCookie(Roles.CookieName, s);
            cookie.HttpOnly = true;
            cookie.Path = Roles.CookiePath;
            cookie.Domain = Roles.Domain;
            if (Roles.CreatePersistentCookie)
                cookie.Expires = rp.ExpireDate;
            cookie.Secure = Roles.CookieRequireSSL;
            filterContext.HttpContext.Response.Cookies.Add(cookie);
        }
    }

Put this code in an AuthenticationFilter and register it globally. See here.

+3
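The Roles.* values that SaveRoleCookie reads in the answer above come from the roleManager element in web.config. The following is an added example, not part of the original answer, showing that element with the cookie-related attributes set explicitly. The provider name and type are the ones from the question; the timeout and maxCachedResults values are assumptions to adjust per application.

```xml
<system.web>
  <!--
    Added example (not from the original post).
    cookieName / cookiePath / domain  -> Roles.CookieName, Roles.CookiePath, Roles.Domain
    cookieProtection="All"            -> role ticket is both encrypted and validated
                                         (this is also the default; do not lower it)
    cookieRequireSSL="true"           -> Roles.CookieRequireSSL, which SaveRoleCookie
                                         copies to cookie.Secure (the default is false)
    createPersistentCookie="false"    -> Roles.CreatePersistentCookie; the role cookie
                                         is a session cookie and is not written to disk
    cookieTimeout="30"                -> minutes a cached role list is trusted; a role
                                         removed in the provider stays effective for a
                                         client until its cached ticket expires
    maxCachedResults="100"            -> documented as the maximum number of role names
                                         cached in the roles cookie; the default is 25,
                                         and the question's test user has 60 roles
                                         (100 is an assumed value)
  -->
  <roleManager enabled="true"
               defaultProvider="TDRoleProvider"
               cacheRolesInCookie="true"
               cookieName=".ASPXROLES"
               cookiePath="/"
               cookieProtection="All"
               cookieRequireSSL="true"
               cookieSlidingExpiration="true"
               cookieTimeout="30"
               createPersistentCookie="false"
               maxCachedResults="100">
    <providers>
      <clear/>
      <add name="TDRoleProvider" type="TDRoleProvider"/>
    </providers>
  </roleManager>
</system.web>
```

Raising maxCachedResults lengthens the encrypted ticket, so the 4096-character check in SaveRoleCookie still decides whether the cookie is actually written.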

The same is true for me. It keeps calling GetRolesForUser().

+1
