ansaurus

Question

Answer 1

A:

depend on the custom role provider used.

Just call a "update my role" function on every request? (bad way but at least your sure to update it)

Fredou 2010-01-05 19:49:42

Yes, that's what I want (though I wouldn't call it on EVERY request). How would I go about implementing this then in my custom RoleProvider? There is nothing in the RoleProvider interface that seems to hook in to [how/where]ever ASP.NET caches the roles.

eidylon 2010-01-05 20:06:01

Answer 2

+1 A:

I assume you have something like this in your web.config:

<roleManager enabled="true" defaultProvider="..." 
             cacheRolesInCookie="true">

The roles are cached in a cookie , so you can force them to refresh by deleting the cookie. This method worked for me. I added the cookieName attribute so that I don't rely on asp.net's default. For your scenario, though, you may be able to just set the cookieTimeout attribute to something reasonable and be done with it.

This method won't update the roles immediately, of course. They will be updated on the next page load after you delete the cookie.

Gabe Moothart 2010-03-03 18:40:41

Found the method, thank you. This can be done by calling: Roles.DeleteCookie();

eidylon 2010-03-04 16:49:58

Answer 3

A:

If you don't want to use cookies you can use Session object to cache the roles. like this:

        public override string[] GetRolesForUser(string username)
    {
        System.Web.SessionState.HttpSessionState Session = HttpContext.Current.Session;
        if (Session["roles"] == null)
                Session["roles"] = MyDataProvider.Security.GetRolesForUser(username);
        return (string[])Session["roles"];
    }

When you need to update the roles for this user you can do

Session["roles"] = null

TheManAtTheOrgansiation 2010-04-12 08:28:44

By default you can't use the Session object in the GetRolesForUser() method. The Session isn't yet initialized in this phase.Don't know if there's a work-around for it though.

Jan_V 2010-09-02 14:25:43

Answer 4

A:

The roles are cached in a cookie (encrypted of course). The simplest solution will be to disable caching in the web.config file. You will loose some performance.

Else you must somehow resend the auth cookie. One major problem is that many browsers will not accept cookies on redirects with method post.

The other solution that worked for me:

1) In a aspx methodod log the user out and store the username in the session

//Add User to role reviewer and refresh ticket

Roles.AddUserToRole(User.Identity.Name, Constants.ROLE_REVISOR);
FormsAuthentication.SignOut();
FormsAuthentication.SetAuthCookie(User.Identity.Name, false); //Might work in some browsers
Session["REFRESHROLES"] = User.Identity.Name;
Response.Redirect("someprotectedurl?someid=" + someid);

2) In the loginpage sign the user in again if username is stored in session

protected void Page_Load(object sender, EventArgs e)
{
   string returnUrl = Request.QueryString["ReturnUrl"];
   if(String.IsNullOrEmpty(returnUrl) == false)
   {

         if(Session["REFRESHROLES"] != null)
         {
            if(!string.IsNullOrEmpty(Session["REFRESHROLES"].ToString()))
            {

               FormsAuthentication.SetAuthCookie(Session["REFRESHROLES"].ToString(), false);
               Session.Remove("REFRESHROLES");
               Response.Redirect(returnUrl);  
               return;
            }
         }

2010-10-17 16:17:28

ansaurus

tags:

views:

answers:

Refresh ASP.NET Role Provider

related questions