If you are using Forms Authentication, you can create the Forms ticket
programmatically and store the user's role(s) info as a delimited string in
the userData property of the ticket. Since this is serialized into the Forms
auth cookie and can be read back out on each request, there is no need for
Session.
-- Peter
Site:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
Short Urls & more:
http://ittyurl.net
"Peter Morris" wrote:
> Hi all
>
> First I want to say that I don't want to implement the membership providers.
> I'm writing some specific documentation, and those come into it later :-)
>
> I am using Forms authentication in a website. I want access to different
> areas based on roles. When the user logs in I determine their roles as a
> string[]. The problem is that to set those roles for Forms authentication I
> need to create the new System.Security.Principal.GenericPrincipal in
> Application_AuthenticateRequest.
>
> The problem with this is that the Session[] is null. In the past I have
> stored the role information in Application[], but if I want to move my
> session state into a DB so that my site can be farmed my Application[] will
> not get carried across will it?
>
> So, what should I do?
>
>
> Thanks
>
> Pete
>
>
>
