Doubts in Custom Authentication using iPrincipal - very urgent
-
I try to implement Custom Authentication with implementing IPrincipal and IIdentity based on the article Custom Authentication provider by implementing IHttpModule, IPrincipal and IIdentity. As per this article We have to create Custom Principal object for every request(Authenticate request) . My doubt is 1. Why we have to create this object every time? 2. This leads the database request every time - getting roles and permissions. This is unwanted. 3. Instead of this implementation, why not we use the session object to store the custom principal object after authorized from the login page? 4. I tried to use the session object, but i couldn't get the session object in the AuthenticateRequest event. How can i retrieve from Global.asax.cs? Please reply immediately, very urgent. Thanks in Advance. Regards R.Arockiapathinathan