What it is, what it does, how it works, and what you need to do

What it is
The class library--a DLL--consists of a class that implements the IHttpModule interface as well as some supporting classes that manage the role caching and the session end notification (which is necessary because in version 1 of the .NET framework, the session end notification does not work as advertised).

What it does

  • It reconstructs user roles for every web request.
  • It caches roles for authenticated uses.
  • It handles multiple sessions for the same user.
  • It releases memory after the user session ends.

How it works
It handles two application events: AuthenticateRequest and AcquireRequestState.

In the AuthenticateRequest event (which occurs on every request), if the user has just been authenticated (logged in) the module will acquire the roles for the user from a method that you provide. It will then cache these roles and not call your method for that user's session. However, for every request, the module will assign the roles to the User attribute as required by the .NET framework.

The purpose of the module handling the AcquireRequestState event is to enable it to hook into the user's session. The module will later release the memory used to cache the user's roles.

What you need to do

  • Add the DLL to your application's bin directory. (Alternatively, you could put it into the GAC.)
  • Make an entry in your web application's config file and a reference to the assembly in your project.
  • Provide the code that logs users into your application.
  • Provide the code that determines the roles for a given user.

Take a look at the sample page for more details.

Every application needs logging to some degree, whether it's for recording user actions,
notifying support of application errors, or debugging applications. Do yourself a favor and
take a look at this
logging framework.

© Copyright 2002 - Lorne Brinkman - All Rights Reserved