Home/ Questions/Q 7833101
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T12:33:53+00:00

At present on login I am inserting a row for the user into an

  • 0

At present on login I am inserting a row for the user into an AccessSession table that keeps details of what roles the user has along with the ASP.NET_SessionId cookie.

My custom implementation of the GetRolesForUser method of this is:

public override string[] GetRolesForUser(string username)
    {
        List<string> roles = new List<string>();
        string[] rolesArray;
        char[] splitter = { '|' };            

        string sessionId = HttpContext.Current.Request.Cookies["ASP.NET_SessionId"].Value;
        AccessSession sessionObject = AccessSession.Get(sessionId);

        if (sessionObject != null)
        {
            rolesArray = sessionObject.Roles.Split(splitter);

            foreach (string role in rolesArray)
            {
                if (!String.IsNullOrEmpty(role))
                {
                    roles.Add(role);
                }
            }
        }
        return roles.ToArray();
    }

The question I have is am I wrong using this approach? If cookies are disabled then there will be no HttpContext.Current.Request.Cookies[“ASP.NET_SessionId”]. My alternative plan was to insert an AccessSession object in to Session but this always appears null when the custom RoleProvider tried to access it.

I could use cacheRolesInCookie=true but again that would be no better than the above approach as disabling cookies would break the functionality.

Thanks,
Richard

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well I managed to solve it in the end by getting the roles from the FormsAuthenticationTicket which held all my roles in already. Here is an example of the code:

    public override string[] GetRolesForUser(string username)
    {
        List<string> roles = new List<string>();
        string[] rolesArray = new string[] { };
        char splitter = Advancedcheck.BLL.Common.Const.default_splitter;

        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity is FormsIdentity)
                {
                    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket ticket = id.Ticket;

                    rolesArray = ticket.UserData.Split(splitter);

                    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, rolesArray);
                }
            }
        }

        if (rolesArray.Length > 0)
        {
            foreach (string role in rolesArray)
            {
                if (!String.IsNullOrEmpty(role))
                {
                    roles.Add(role.ToLower());
                }
            }
        }
        return roles.ToArray();
    }
    • 0