RoleManager & Session object

[Joel Reinford]

I am trying to build custom membership/role providers, inheriting from the
base membership/role providers because I have an existing database with user
authentication and roles. The membership part is fine but I'm not getting
something right on the roles. When the user logs in, I am getting a
delimited list of roles from the database and putting them into a Session
variable. I thought I could access that Session variable in the Role
provider class like this:

Public Overrides Function GetRolesForUser(ByVal userName As String) As
String()
Dim pipe As Char = Chr(124)
Dim roleList As String
If Not IsNothing(HttpContext.Current.Session("UserRoles")) Then
roleList =
Convert.ToString(HttpContext.Current.Session("UserRoles"))
Else
'could also hit the database here if needed
roleList = "public"
End If
Return roleList.ToLower.Split(pipe)
End Function

When I run the application on a secured page, I always get a null reference
exception on the HttpContext.Current.Session("UserRoles")). I can use
HttpContext.Current in the code without a problem, but adding the Session
object will always produce an exception.

My two questions are:
1) Why can't the Role provider access the httpcontext.current.Session object
(and is there a way to fix this)?
2) How can I attach the roles to the user at login time so that I don't have
to hit the database for role information on later page requests.

Joel Reinford
Data Management Solutions LLC

 

[news.versatel.nl]

My two questions are:

1) Why can't the Role provider access the httpcontext.current.Session
object (and is there a way to fix this)?

This should answer your question: http://forums.asp.net/thread/1214615.aspx

2) How can I attach the roles to the user at login time so that I don't
have to hit the database for role information on later page requests.

The role provider can cache the roles in a cookie. This article should give
you all the info you need:
http://msdn2.microsoft.com/en-us/library/tksy7hd7.aspx.

HTH,

Bastiaan de Rijber