Roles.CacheRolesInCookie Property
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets a value indicating whether the current user's roles are cached in a cookie.
public:
static property bool CacheRolesInCookie { bool get(); };
public static bool CacheRolesInCookie { get; }
static member CacheRolesInCookie : bool
Public Shared ReadOnly Property CacheRolesInCookie As Boolean
true
if the current user's roles are cached in a cookie; otherwise, false
. The default is true
.
The following example shows the roleManager element in the system.web
section of the Web.config file for an ASP.NET application. It specifies that the application uses a SqlRoleProvider instance and sets the cacheRolesInCookie
attribute to true
.
<roleManager defaultProvider="SqlProvider"
enabled="true"
cacheRolesInCookie="true"
cookieName=".ASPROLES"
cookieTimeout="30"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="All" >
<providers>
<add
name="SqlProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlServices"
applicationName="MyApplication" />
</providers>
</roleManager>
When the CacheRolesInCookie property is set to true
in the Web.config file, role information for each user is stored in a cookie. When role management checks to see whether a user is in a particular role, the roles cookie is checked before the role provider is called to check the list of roles at the data source. The cookie is dynamically updated to cache the most recently validated role names.
You can improve the reliability of the role names cached in a cookie by specifying a CookieProtectionValue property when you configure ASP.NET roles. The default CookieProtectionValue is All
, which encrypts role names in the cookie and validates that the cookie contents have not been altered.
Note
Because role names can be cached apart from the data source, it is possible that changes to role management at the data source would not be reflected in the cached values. In this case, the user must close and re-open their browser to clear the cached cookie value.
Product | Versions |
---|---|
.NET Framework | 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
.NET feedback
.NET is an open source project. Select a link to provide feedback: