Accessing Session Cache from GenericPrincipal.isInRole()

[Richard Maher]

Hi,

Can someone please confirm that Session Cache will not always be
available/accesible from an overriden IPrincipal.isInRole() method?

We obtain the current session state via
((HttpApplication)sender).Session
but *sometimes* get the error "Session state is not available in this
context".

What appears to be happening is when isInRole() is invoked to check
for
sitemap node access then Session State is available but if the chek is
to do
with a web-page url then it is not. Eg: -

Web.sitemap

<siteMapNode roles="ROLE1,ROLE2,ROLE3"

Seems ok.

But when my IsInRole() is called to check the web-page URL access
defined
in web.config eg: -

Web.config

<location path="MyPage.aspx">
<system.web>
<authorization>
<allow roles="CHS_M_AccessThisStuff"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

The exception is raised.

I'd like to not have to re-load the user roles from the database each
time
the isInRole method is invoked after its GenericPrincipal has been
(re)instantiated and Session Cache seemed a convenient place to hold
them
with the added benefit of implicit, transparent, lifecycle management.
There
is always Application Cache or just using the database buffers, but if
someone could rule out Session cache for us altogether that would
help.

Cheers Richard Maher

 

[Richard Maher]

Hi,

Can someone please confirm that Session Cache will not always be
available/accesible from an overriden IPrincipal.isInRole() method?

We obtain the current session state via
((HttpApplication)sender).Session
but *sometimes* get the error "Session state is not available in this
context".

What appears to be happening is when isInRole() is invoked to check
for
sitemap node access then Session State is available but if the chek is
to do
with a web-page url then it is not. Eg: -

Web.sitemap

<siteMapNode roles="ROLE1,ROLE2,ROLE3"

Seems ok.

But when my IsInRole() is called to check the web-page URL access
defined
in web.config eg: -

Web.config

  <location path="MyPage.aspx">
    <system.web>
      <authorization>
        <allow roles="CHS_M_AccessThisStuff"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

The exception is raised.

I'd like to not have to re-load the user roles from the database each
time
the isInRole method is invoked after its GenericPrincipal has been
(re)instantiated and Session Cache seemed a convenient place to hold
them
with the added benefit of implicit, transparent, lifecycle management.
There
is always Application Cache or just using the database buffers, but if
someone could rule out Session cache for us altogether that would
help.

Cheers Richard Maher

Sorry to reply to my own post but this is my first time in this group
and I was wondering if there is a better dotnet newsgroup to pose
authorization questions like mine?

Badly formed question? No one read it as it's from google groups?

It's just that I suspect that we're doing something stupid and
SessionState should be available when our IPrincipal.isInRole() gets
the call. If not, a pointer to the appropriate docs or MSDN article
would be really useful.

Cheers Richard Maher

 

[Richard Maher]

This is primarily a _language_ newsgroup.  Questions specifically about
how to use the C# language are the most on-topic here.

To the extent that everyone using C# is using .NET in one form or
another, you'll see questions that are more about .NET asked and
answered here too.  But the more esoteric the question, the less likely
it is to get answered here.  Even questions about Forms, which is a
pretty broadly-used technology in .NET, sometimes go unanswered here.


Posting from Google Groups will certainly reduce your audience somewhat,
since some people filter posts from their out due to Google's lack of
controlling spam originating from their own servers.

But, in this case it's probably more related to the fact that it looks
like you're asking a question that is specific to ASP.NET, and there's
less expertise here on ASP.NET than you would find in the
ASP.NET-specific newsgroup or forums (I prefer newsgroups, but Microsoft
has just shifted all their officially supported discussions to their web
site, and there are people using third-party web sites like Stack
Overflow as well…in those cases, I believe there are also
ASP.NET-specific forums).

Pete

Thanks Pete,

I'll shop around for an ASP.NET-specific forum.

Cheers Richard Maher