What it is, what it does, how it works, and what you need to do
What it is
The class library--a DLL--consists of a class that implements
the IHttpModule interface as well as some supporting classes that manage the
role caching and the session end notification (which is necessary because
in version 1 of the .NET framework, the session end notification does not work
What it does
It reconstructs user roles for every web request.
It caches roles for authenticated uses.
It handles multiple sessions for the same user.
It releases memory after the user session ends.
How it works
It handles two application events: AuthenticateRequest and
In the AuthenticateRequest event (which occurs on every
request), if the user has just been authenticated (logged in) the module will
acquire the roles for the user from a method that you provide. It will then
cache these roles and not call your method for that user's session. However,
for every request, the module will assign the roles to the User attribute as
required by the .NET framework.
The purpose of the module handling the AcquireRequestState event is
to enable it to hook into the user's session. The module will later release the
memory used to cache the user's roles.
What you need to do
Add the DLL to your application's bin directory. (Alternatively, you
could put it into the GAC.)
Make an entry in your web application's config file and a reference
to the assembly in your project.
Provide the code that logs users into your application.
Provide the code that determines the roles for a given user.
Take a look at the sample page for more