I secure my application with the web config and by adding code in the
global asax.  It's a role base security.
It work fine.

My only concern it's I dont know how to not go get role every time at
the DataBase.

As i can see there is no session available in this method(Could have be
a temporary solution because i dont think it's a good idea).

In the web.config I cannot change the mode for forms it should stay
Window.

There is a simple way to only get one time the role of the user in the
Data Base?

Thanks



Code:
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
        ' Se déclenche lors d'une tentative d'authentification de
l'utilisation
        If (Not IsNothing(HttpContext.Current.User)) Then
               if (HttpContext.Current.User.Identity.IsAuthenticated)
Then
                    Dim ident As WindowsIdentity =
WindowsIdentity.GetCurrent()

                   'will get role from the Data Base
                    HttpContext.Current.User = New
GenericPrincipal(ident,
GetRole(HttpContext.Current.User.Identity.Name.Remove(0,
HttpContext.Current.User.Identity.Name.IndexOf("\") + 1)))
                End If
        End If
    End Sub

Where to store config information?
SQL Timeout Error
Known Issues w/ File.AppendText()
Simulating a fatal exception
NGen introduces instability