Last post Feb 22, 2012 02:27 PM by BrockAllen
Feb 03, 2012 06:26 PM|Steve French|LINK
We have an asp.net mvc app which uses forms authentication. It appears that since MS11-100 has been applied, that roles are no longer being cached in the ASXPROLES cookie. It would then follow that an authenticated user's roles would be requeried (in our
case from ldap) on every request for a secured resource.
Feb 22, 2012 02:27 PM|BrockAllen|LINK
Are you using the RoleManager feature in your app? I can't quite tell how you're already doing the caching... worst case scenario you just write the code to cache the role info in ASP.NET data cache and populate those roles into the HttpContext.User in Application_PostAuthenticateRequest
(which is same pipeline event he RoleManager is handling).