MS11-100 roles caching
Feb 03, 2012 06:26 PM | Steve French
We have an ASP.NET MVC app which uses forms authentication. It appears that since MS11-100 has been applied, roles are no longer being cached in the ASPXROLES cookie. It would then follow that an authenticated user's roles would be re-queried (in our case from LDAP) on every request for a secured resource.
Thoughts?
Re: MS11-100 roles caching
Feb 22, 2012 02:27 PM | BrockAllen
Are you using the RoleManager feature in your app? I can't quite tell how you're already doing the caching... worst case scenario you just write the code to cache the role info in the ASP.NET data cache and populate those roles into the HttpContext.User in Application_PostAuthenticateRequest (which is the same pipeline event the RoleManager is handling).
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
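The approach suggested in the reply above, sketched as an added example that is not part of either post: roles are cached server-side in the ASP.NET data cache and attached to HttpContext.User in Application_PostAuthenticateRequest. The class name `MvcApplication`, the helper `LookupRolesInLdap`, the 10-minute TTL, and the use of Active Directory through System.DirectoryServices.AccountManagement are assumptions; substitute the app's own LDAP query.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Caching;

public class MvcApplication : HttpApplication
{
    // Assumed TTL: bounds how long a role revoked in the directory is still honored.
    private static readonly TimeSpan RoleCacheTtl = TimeSpan.FromMinutes(10);

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal user = Context.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return; // anonymous request: no roles to attach

        // Key on the name from the validated forms ticket, never on request input.
        string key = "roles:" + user.Identity.Name.ToLowerInvariant();
        var roles = HttpRuntime.Cache[key] as string[];
        if (roles == null)
        {
            // A directory failure throws here, so the request fails closed.
            roles = LookupRolesInLdap(user.Identity.Name);
            HttpRuntime.Cache.Insert(key, roles, null,
                DateTime.UtcNow.Add(RoleCacheTtl), Cache.NoSlidingExpiration);
        }

        var principal = new GenericPrincipal(user.Identity, roles);
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
    }

    // Hypothetical helper (not from the thread). Assumes the directory is
    // Active Directory and that group names are used as role names.
    private static string[] LookupRolesInLdap(string userName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var up = UserPrincipal.FindByIdentity(ctx, userName))
        {
            if (up == null) return new string[0]; // unknown user: no roles
            return up.GetAuthorizationGroups()
                     .Select(g => g.SamAccountName)
                     .Where(n => n != null).ToArray();
        }
    }
}
```

Because the roles live in server memory rather than in a cookie, the client never holds role data; the trade-off is that each web server keeps its own cache and a role change takes up to the TTL to apply.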