Dashboard authorization via session

Hi all,

I want to use the current session to authorize users to view the dashboard. It all works well, but when I want to see the details of a job, or want to delete or trigger a job, the current session is null and the action is not performed.

I have the following authorization code:

public bool Authorize(DashboardContext context)
{
	var aspSession = HttpContext.Current.Session;
			
	var userId = aspSession?["user_id"];

	// if no userId was found, reject access to the dashboard 
	if (userId == null) return false;

	var user = UserAccount.LoadFromCentralizedCache((int)userId);

	return user.HasPermission("Some permission", 1);
}

Am I doing something wrong?

Thanks in advance,

Justin

I’m finding the same issue. As far as I can tell, at that point in the .NET pipeline Session is not set yet. But like you, I’m relying on Session to store certain information about the user (including the roles) so I don’t have to hit the database for every request.

Maybe a better solution is to use an IPrincipal or one such mechanism to store the roles.

Have you had any luck in finding a solution to this?