From: Richard Maher Richard on
Hi,

Can someone please confirm that Session Cache will not always be
available/accesible from an implemented/overriden IPrincipal.isInRole()
method?

We obtain the current session state via ((HttpApplication)sender).Session
but *sometimes* get the error "Session state is not available in this
context".

What appears to be happening is when isInRole() is invoked to check for
sitemap node access then Session State is available, but if the check is to
do with a web-page url then it is not. Eg: -

Web.sitemap

<siteMapNode roles="ROLE1,ROLE2,ROLE3"

Seems ok.

But when my IsInRole() is called to check the web-page URL access defined
in web.config eg: -

Web.config

<location path="MyPage.aspx">
<system.web>
<authorization>
<allow roles="CHS_M_AccessThisStuff"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

The exception is raised.

I'd like to not have to re-load the user roles from the database each time
the isInRole method is invoked after its GenericPrincipal has been
(re)instantiated and Session Cache seemed a convenient place to hold them
with the added benefit of implicit, transparent, lifecycle management.

There is always Application Cache or just using the database buffers, but if
someone could rule out Session cache for us altogether that would help. A
pointer to the manual or a relevant MSDN article would be perfect!

Cheers Richard Maher