locked
MS11-100 roles caching RRS feed

  • Question

  • User-2101070360 posted

    We have an asp.net mvc app which uses forms authentication. It appears that since MS11-100 has been applied, that roles are no longer being cached in the ASXPROLES cookie. It would then follow that an authenticated user's roles would be requeried (in our case from ldap) on every request for a secured resource.

    Thoughts?

    Friday, February 3, 2012 6:26 PM

Answers

  • User1779161005 posted

    Are you using the RoleManager feature in your app? I can't quite tell how you're already doing the caching... worst case scenario you just write the code to cache the role info in ASP.NET data cache and populate those roles into the HttpContext.User in Application_PostAuthenticateRequest (which is same pipeline event he RoleManager is handling).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, February 22, 2012 2:27 PM