Re: Need help improving authorization
From: Chris Simmons (newsgroup.replies_at_netchris.com)
Date: 07/21/04
- Next message: Richard: "setting the focus on a textbox"
- Previous message: Scott Allen: "Re: help??"
- In reply to: AndiV: "Need help improving authorization"
- Next in thread: Joe Fallon: "Re: Need help improving authorization"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 21 Jul 2004 17:09:06 -0400
On Wed, 21 Jul 2004 11:11:25 -0700, "AndiV" <andiv@yahoo.com> wrote:
>Each of my intranet page (windows authentication) needs to validate user's
>roles stored in the database. Currently, I retrieve the the
>User.Identity.Name property, then query the database for user's roles
>everytime a page is loaded, which is very inefficient.
>
>I think a more efficient approach would be to query the database only once
>for each user, the application_start event is probably the best place? Once
>this particular user's roles are retrieved, the roles can be concatenated as
>a delimied string and stored in cookie or a session variable. Then on each
>page load event, I just have to parse the roles string to apply
>authorization.
>
>I believe this scheme will work. But it seems more like a hack than a design
>pattern or a best practice. I'm seeking a .NET elegant solution. Please
>advise.
>
>TIA,
>Andi
>
I'd say go with your plan (except I hope you mean Session_Start, not
Application_Start).
I'd put your method to authenticate and authorize the user in some
public-accessible place so that you can use it from Session_Start
*and* your pages/controls if you need to re-query at some point during
the same session.
-- Thanks, Chris Simmons
- Next message: Richard: "setting the focus on a textbox"
- Previous message: Scott Allen: "Re: help??"
- In reply to: AndiV: "Need help improving authorization"
- Next in thread: Joe Fallon: "Re: Need help improving authorization"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
