From: Temoc on
I am implementing a Custom Membership and Role Provider against SQL Database
using Visual Studio 2010.
Most of the data on the website is associated with the UserGUID rather than
the UserName. On the membership provider I am storing the userGUID as
follows:
HttpContext.Current.Session.Add("UserGuid",System.Convert.ToString(reader["UserGuid"]));
I can easily access this value on any of web pages However on my Custom Role
Provider the HttpContext.Current.Session is null.
Question 1
Where do I store the UserGUID on my membership provider so I access it on
my Role Provider?
Question 2
I would like also to cache the roles for the logged user so that
GetRolesForUser(string username) won't have to be accessing the database
every time the user changes pages instead I would read it from cache if
available. Where would be a secure place to store these values?

Thanks for the help

From: Mr. Arnold on
Temoc wrote:
> I am implementing a Custom Membership and Role Provider against SQL Database
> using Visual Studio 2010.
> Most of the data on the website is associated with the UserGUID rather than
> the UserName. On the membership provider I am storing the userGUID as
> follows:
> HttpContext.Current.Session.Add("UserGuid",System.Convert.ToString(reader["UserGuid"]));
> I can easily access this value on any of web pages However on my Custom Role
> Provider the HttpContext.Current.Session is null.
> Question 1
> Where do I store the UserGUID on my membership provider so I access it on
> my Role Provider?
> Question 2
> I would like also to cache the roles for the logged user so that
> GetRolesForUser(string username) won't have to be accessing the database
> every time the user changes pages instead I would read it from cache if
> available. Where would be a secure place to store these values?

You would cache the information on a back-end application Web server,
and you would retrieve the information using a Web service. The Web
service would read cache first (cache on a timer) and if null for the
user, the service would go back to the database and persist it back to
cache on the back-end application Web server.

As far as the GUID what's wrong in passing it as a parm on the URL to
every page on a Response Redirect to the page?