I don't have a response in framework.aspnet, may be this one is a more
appropriate group.

= = = = = = = = = = = = = = = = == = =  = = = == = = = = = = = = = = = = = =
= = =

Each of my intranet page (windows authentication) needs to validate user's
roles stored in the database. Currently, I retrieve the the
User.Identity.Name property, then query the database for user's roles
everytime a page is loaded, which is very inefficient.

I think a more efficient approach would be to query the database only once
for each user, the application_start event is probably the best place? Once
this particular user's roles are retrieved, the roles can be concatenated as
a delimied string and stored in cookie or a session variable. Then on each
page load event, I just have to parse the roles string to apply
authorization.

I believe this scheme will work. But it seems more like a hack than a design
pattern or a best practice. I'm seeking a .NET elegant solution. Please
advise.

TIA,
Andi