
Caching question - anyone cache/cookie roles in .net web app?  HttpContext etc?

Posted on 2013-05-25
Last Modified: 2013-06-13
Hello all,

I have an MVC application, and in the app I have a custom AuthorizeAttribute. In this method, which gets called a good amount, I run a query to check if the logged-on user (User.Identity.Name) is in a SQL table. That is the first check; then, if that is valid, I check if a role exists in a SQL role table and simply pass back a true boolean, else false.

Is there a way to cache this, like in the HttpContext somewhere? So even though the method will always get called to check the role, I can first check if the roles are in cache or a cookie etc. instead of making the database call again. The same goes for the first check of whether the user is a valid user. I tried setting the HttpContext user IsAuthenticated property, but that is not allowed. I think there is a way to set the IPrincipal or something. The idea is I don't want to use the role and membership provider; I want to cache these somehow or put them in the right cookie, similarly, but not have to stub out all the interface methods with "Not implemented" etc.
Question by:sbornstein2
7 Comments
 
LVL 18

Expert Comment

by:Gary Davis
ID: 39197727
Caching can help reduce hits to SQL Server dramatically for the case you describe and many others. Use the ASP.NET Cache object to save the user's information. Prior to accessing SQL, retrieve the cache's info and, if null, call SQL to get it and then stick the response fields into cache for next time. The cache key is important - it should identify the parameters passed to SQL, such as the UserID.

The cache object should be set to expire in a few minutes with a sliding expiration, which will keep it in cache as long as the user keeps requesting it (every page, probably). If the user changes his password, you should expire or update the cache object.

Possibly useful: http://forums.asp.net/t/1004454.aspx

Gary Davis
0
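The cache-then-SQL pattern from the answer above, sketched inside the asker's custom AuthorizeAttribute. This is an added example, not code from the thread; the class name, the "AppDb" connection string, and the column names on the User and Role tables are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Caching;
using System.Web.Mvc;

// Assumed names: SqlRoleAuthorizeAttribute, connection string "AppDb",
// tables [User](UserName) and [Role](UserName, RoleName).
public class SqlRoleAuthorizeAttribute : AuthorizeAttribute
{
    private static string Key(string user) { return "roles:" + user.ToUpperInvariant(); }

    // Call this wherever a user or their roles are changed or removed.
    public static void Invalidate(string user) { HttpRuntime.Cache.Remove(Key(user)); }

    protected override bool AuthorizeCore(HttpContextBase ctx)
    {
        var id = ctx.User == null ? null : ctx.User.Identity;
        if (id == null || !id.IsAuthenticated) return false;
        var roles = ctx.Cache[Key(id.Name)] as HashSet<string>;
        if (roles == null)
        {
            roles = LoadRoles(id.Name);
            if (roles == null) return false;   // not in [User]: deny, cache nothing
            ctx.Cache.Insert(Key(id.Name), roles, null,
                Cache.NoAbsoluteExpiration, TimeSpan.FromMinutes(5)); // sliding
        }
        var required = Roles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                            .Select(r => r.Trim()).ToArray();
        return required.Length == 0 || required.Any(r => roles.Contains(r));
    }

    // Returns null when the user has no row in [User]; an empty set when
    // the user exists but has no roles.
    private static HashSet<string> LoadRoles(string user)
    {
        var cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var cn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("SELECT r.RoleName FROM [User] u LEFT JOIN [Role] r " +
            "ON r.UserName = u.UserName WHERE u.UserName = @u", cn))
        {
            cmd.Parameters.AddWithValue("@u", user);
            cn.Open();
            var roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            var found = false;
            using (var rd = cmd.ExecuteReader())
                while (rd.Read()) { found = true; if (!rd.IsDBNull(0)) roles.Add(rd.GetString(0)); }
            return found ? roles : null;
        }
    }
}
```

With sliding expiration alone, a removed user or role stays cached for as long as that user keeps making requests, so the admin code path that edits the User or Role tables needs to call `Invalidate`.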
 
LVL 16

Expert Comment

by:Stephan
ID: 39199638
If you use FormsAuthentication, you can set UserData in the FormsAuthenticationTicket:
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx

This UserData object is of type string.

Another way I mostly use is HttpContext.Current.Items, adding an item to this collection on each request (so you can access it multiple times in the same request/context).

You can also cache the user object in the HttpContext.Current.Cache to prevent more round trips to the database.
http://msdn.microsoft.com/en-us/library/system.web.caching.cache.aspx
Make sure that the cache objects are identified with a key you can recreate, like "GetUserById_1".
0
 

Author Comment

by:sbornstein2
ID: 39200036
I am using Windows Auth; then I take the User.Identity.Name and query SQL Server to validate if the user is valid in a table called User; then I enumerate through a Role table in SQL Server. I am not sure exactly what the best place is to store, first, that the user was validated and, second, the roles.
0

 
LVL 16

Expert Comment

by:Stephan
ID: 39200348
So if I understand this correctly, you are using identity impersonation and not through NTLM?

So the user is automatically authenticated if it is inside the domain, and there is no login screen for the user?

If you are using a login screen (for example, NTLM), you can get the roles once and set them in the authentication token and retrieve them without calling the SQL database.
0
 

Author Comment

by:sbornstein2
ID: 39201157
Correct, Stephan. IIS has anonymous disabled and Windows auth enabled. I don't want to lock down only certain users to the server or via AD etc. So anyone can hit the site, but the SQL User table is where I am going to validate if the user has access to the site. I store the user's domain username in that table. So I then compare the User.Identity.Name against that table to validate whether the user is valid or not. Then I store roles in a Roles table. Two things I am looking at now are the CustomIdentity and CustomPrincipal, as I was hoping to leverage maybe the IsAuthenticated, but of course in the User context this is always set to true and I can't change it. I am also wondering if I should look into using claims, but that seems overkill only because I have a total of 40 users and it is all inside the firewall, intranet-based only.
0
 
LVL 16

Accepted Solution

by:
Stephan earned 2000 total points
ID: 39201177
Well, that the user is authenticated because he is identified as a user is true. So that should be OK. What you can do is work only with roles, so that a user should have "User" as a role for all pages.

You can set up a custom role provider:
http://msdn.microsoft.com/en-us/library/317sza4k(v=vs.90).aspx

What you can also do is get the roles of the user (if it exists) and set them into a cookie (make sure it is encrypted so they cannot change it).

Then use that cookie to implement the custom role provider.
0
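One way to build the tamper-resistant role cookie suggested in the accepted answer, as an added example that is not part of the thread. It assumes .NET 4.5 (for `MachineKey.Protect`, which both encrypts and signs), role names without commas, and the hypothetical names `RoleCookie` and `app_roles`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Assumed names: RoleCookie, cookie "app_roles", 30-minute lifetime.
public static class RoleCookie
{
    private const string Name = "app_roles";
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);

    // The Windows user name is part of the purpose, so a cookie issued to
    // one user fails to unprotect when presented by another.
    private static string[] Purpose(string user)
    {
        return new[] { "RoleCookie", "user:" + user.ToUpperInvariant() };
    }

    public static void Issue(HttpContextBase ctx, string user, string[] roles)
    {
        var expires = DateTime.UtcNow.Add(Lifetime).Ticks;
        var plain = Encoding.UTF8.GetBytes(expires + "|" + string.Join(",", roles));
        var value = HttpServerUtility.UrlTokenEncode(MachineKey.Protect(plain, Purpose(user)));
        ctx.Response.Cookies.Add(new HttpCookie(Name, value)
        {
            HttpOnly = true,
            Secure = ctx.Request.IsSecureConnection
        });
    }

    // Returns null when the cookie is missing, altered, expired or issued to
    // a different user; the caller then falls back to the SQL lookup.
    public static string[] Read(HttpContextBase ctx, string user)
    {
        var cookie = ctx.Request.Cookies[Name];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            var raw = HttpServerUtility.UrlTokenDecode(cookie.Value);
            if (raw == null) return null;
            var text = Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose(user)));
            var parts = text.Split(new[] { '|' }, 2);
            long ticks;
            if (parts.Length != 2 || !long.TryParse(parts[0], out ticks)) return null;
            if (ticks < DateTime.UtcNow.Ticks) return null;   // server-side expiry
            return parts[1].Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        }
        catch (CryptographicException) { return null; }       // tampered or wrong user
    }
}
```

The expiry is stored inside the protected payload rather than on the cookie itself, so the lifetime is enforced by the server and a role change is picked up at most 30 minutes later.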
 

Author Closing Comment

by:sbornstein2
ID: 39244755
thanks
0
