Are there still problems with role provider caching of roles?

Hi

I'm about to write some custom membership and role providers but have noticed a number of forums and blogs mentioning a known problem when caching roles using the Roles config setting "cacheRolesInCookie=true". However I've not found anywhere that says what the problem is, just that it doesn't always work! Does anyone know if this was fixed in .Net 2.0 SP1?

The recommendation seems to be to write your own caching functionality in the custom role provider. What would you folks recommend - application cache or session state? I'm discounting cookies as there may be a lot of roles per user and I'm worried about exceeding the cookie size (we are a large govt organisation with many apps), or would a "cookie-per-app" be feasible?

Can anyone elaborate?

Thanks in advance

Andy

0
andyste1
2/5/2008 12:11:02 PM
asp.net.security 27051 articles. 1 followers. Follow

0 Replies
1016 Views

Similar Articles

[PageSpeed] 0
Get it on Google Play
Get it on Apple App Store

Reply:

Similar Artilces:

Roles, roles, roles
Hey is it posible o have a role for a user to only update the content? I don't want that user to change skins or to make other admin changes... up I think if you allow a role to edit contents on a module level he wont be able to change anything else. Did you try that? cheers, erikErik van Ballegoij, The Netherlands if you allow a role to edit contents in a module lets say discussions module, then that role will be able to edit, delete the threads. so for a role to be able to add new thread only, do we need to write our own code?-keeara g------------------ keeara, see...

Duplicate Security Roles Showing up In Security Roles Manager
Anyone have any ideas?  We have had and instance of 3.0.13 with one child portal running for about a month now.  A few days ago our adminstrator noticed that we have duplicate entries for security roles. For example, the Security Roles Manager shows:Name Description Fee Every Period Trial Every Period Public Auto   Administrators Portal Administration         False False   Administrators Portal Administration         False False  Registered Users Registered Users    &n...

Role Manager role problem
Hi, I've been giving a user (let's call him userA) the Role Manager role, without creating any container to which this userA is a trustee. This userA has access to the Assign Roles, and can therefore browse the users to assign roles to. When i choose a userB in using this browsing method, i can see which roles he has access to, and moreover i can delete them, even if my userA hasn't any Trustee right on the role to be deleted (or its container). Any idea why ? I would like to avoid this behavior, which is not secure to my mind. Any idea what i'm doing wrong ...

Problems implementing role security (.Net 1.1)
I'm having a problem implementing role based security.  Here's my code:   Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) ' Fires upon attempting to authenticate the use If Not HttpContext.Current.User Is DBNull.Value Then If HttpContext.Current.User.Identity.AuthenticationType = "Forms" Then Dim id As Web.Security.FormsIdentity = CType(HttpContext.Current.User.Identity, Web.Security.FormsIdentity) Dim ticket As Web.Security.FormsAuthenticationTicket = id.Ticket Dim userData As String = ticket.User...

Roles not working without role provider ?
Hallo,i created a web site by using the standard asp.net 3.5 Membership Provider and the Role Manager.I have used a sitemap with securityTrimmingEnabled enabled and i have set the roles i need for each seperate folder. Everything worked perfectly. Now, i changed my authorization procedure and i removed the memberhip provider, as long as i needed some functionallity it didn;t provide me.I builded a "default" authorization procedure by using a login button, creating the Cookie and the ticket and also i do handle the  Application_AuthenticateRequest.The sitempap seems to be ...

Membership and Roles
Hi all, Is there a way to allow the user choose a role from a selection you provide them with? e.g. I have 3 types of users: admin, contractor, and landlord. Of course I don't want them to be able to assign themselves admin role, so how would I proceed? (I'm using C# by the way) This is what I have so far. Please note "Roles...();" is where I am stuck: -within my aspx page i have: <asp:WizardStep ID="CreateUserWizardStep2" runat="server" Title="Contractor or Landlord?"> <asp:ListBox ID="ListBox1" runat=&q...

Security role problem
I work for Vancouver Port Authority and we are using the portal quite extensively. I have created a portal for our Canada Place Move and I have set up a security role that will allow certain individuals the ability to add files to our site. My problem is that when I enforce this role in a particular module giving it the right to edit/modify it I get a message that says the following: "Edit Access Denied" "Either you are not logged in, or you do not have access to modify the current portal module content" I don't want to set up these individuals with full admin r...

Having problem to implement --- Custom Membership Provider & Role Provider
Hi guys, there are many interesting posts in this security thread to implement the custom membership provider & role provider. It helps me a lot. But I m having a problem to implement it. I've got the loging page - Login.aspx and create new user page - CreateNewUser.aspx. And a Membership Provider class - clsMembershipProvider.vb in App_Code folder. The codin inside the Membership Provider Class - clsMembershipProvider.vb is as follow: Imports Microsoft.VisualBasic     Imports SystemImports System.WebImports System.Web.SecurityImports System.Configuration.Provide...

Role provider in a roles-per-object scenario
Hi there,I'm just starting to migrate to ASP.NET 2.0 from ASP.NET 1.x and I'm intrigued by the ease of use of the Membership/Role providers but I have a question that I'm hoping someone will be able to help with.I have a custom security model in a 1.x application that applies role based security but applies the roles on a per-object basis.  I guess the closest parallel I can draw is the use of file system permissions in NTFS whereby a user would have designated permissions such as Read, Write, Delete etc. on specific files or folders.  In my case it's to do with edi...

Public role and auto assign under security roles
Greetings, What do the check boxes public role and auto assign under security roles mean and how does one use them? Thanks in advance, Dave Public role means that users can choose to "join" those roles by selecting the checkboxes for those roles at the bottom of their user profile page. Auto Assign assigns new registered users to that particular role automatically. HTH JeremyJeremy WhiteWebstone, LLCMy DNN Blog...

Roles.Provider.IsUserInRole Vs Roles.IsUserInRole
Hi world, What is  the difference between the methods above? I've noticed that Roles.IsUserInRole() has one overload whereas Roles.Provider.IsUserInRole  has none. Thanks -- Ask and it will be given to you; seek and you will find; knock and the door will be opened to you. Luke 11:9 they are just overloads.  the provider actually calls the same thing inside the code.Peter Kellnerhttp://73rdstreet.com and blogging athttp://PeterKellner.netMVP, ASP.NET  Absolutely no difference? -- Ask and it will be given to you; seek and you will find; knock and the ...

Security administration, assign a role to the role domain
Hi, Should that be possible or not? Looking at the GUI it should but I get "Failed to create 1 role assignment request(s). You are unauthorized for this operation.". A work around is to create a group but why involve a group when all users that should be able to assign members to specific roles already are in a role for those administrators? Best regards, Tobias Tobias, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might...

Updating roles list with AzMan role provider
Hi. I'm having problems with an authorization store role provider that I'm using in my web site. The problem is the updating of the roles cookie I guess. For exmaple, If a query the existing roles in a listbox in my web form from the AzMan store I get the full list in the XML file (OK to the moment), but if I create a rol programatically or add a user to a role or whatever related to writing or modifiyng the file, I don`t get the changes at the moment when a execute the GetAllRoles method, not even if I close the page and restart it again!. Actually, if I modifiy the AzMan store through the ...

security and role management problem
dear      I made a login page using ASP.net Ide using SQL server express 2005.but now i want to utilige it in sqlserver2005 professional in win2003 platform but its not working when i run the project.so help me to do this or give me suggassion ................                                                     &nb...

Web resources about - Are there still problems with role provider caching of roles? - asp.net.security

Problem novel - Wikipedia, the free encyclopedia
Working class, or proletarian novels are often also social problem novels . This was in many ways a reaction to rapid industrialization , and ...

State of the Service report: Not enough people moving, engagement and sickies the big problems
The rundown of the problems and good points for 150,000 federal public servants.

Scott Morrison will no longer be able to claim there's no revenue problem
Left unchecked, extraordinarily generous concessions on superannuation will land our tax system in danger.

Open Thread: “Whisper Campaigns and Zipper Problems”
... attach names to narratives like this, then JEB! is TOAST! (at least in 2016). And second, the “well known” rumors that Rubio’s financial problems ...

Dick’s Sporting Goods athleisure problem - Business Insider Deutschland
Dick's Sporting Goods has sold athletic apparel for decades. But now, the retailer faces more competition than ever.

November 2015: Unofficial Problem Bank list declines to 255 Institutions
This is an unofficial list of Problem Banks compiled only from public sources. Here is the unofficial problem bank list for November 2015. Changes ...

Trump loss equals Trump problem
Even if Donald Trump loses in Iowa, his success thus far will still present a problem for the GOP, Politico's Ben White says.

Tri-Valley has no problem against Auburn to win 2A title
... form Search 39° Navigation Home Blackhawks Bulls Cubs White Sox Bears Fire Notre Dame Preps More Tickets Shop Watch Tri-Valley has no problem ...

This week in the war on workers: Rising federal taxes aren't the problem for the middle class
Turns out, federal taxes on the middle class aren’t so high these days: Note that the figure includes all federal taxes—the income tax rate ...

Chromebook Pixel 2015 Review: Great Laptop, One Big Problem
Chromebook Pixel 2015 Review: Great Laptop, One Big Problem

Resources last updated: 12/1/2015 5:36:49 PM