Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Caching question - anyone cache/cookie roles in .net web app?  HttpContext etc?

Posted on 2013-05-25
7
Medium Priority
?
220 Views
Last Modified: 2013-06-13
Hello all,

I have an MVC application and in the app I have a custom AuthorizeAttribute.   In this method that gets called a good amount I run a query to check if the logged on user User.Identity.Name is in a SQL table.  That is the first check then if that is valid I think check if a role exists in a SQL role table and pass back simply a true boolean else false.

Is there a way to cache this like in the HttpContext somewhere?  So even though the method will always get called to check the role I can first check if the roles are in cache or a cookie etc. instead of making the database call again.   The same for the first check if the user is a valid user.  I tried like setting the HttpContext user IsAuthenticated property but that is not allowed.  I think there is a way to set the IPrincipal or something.   The idea is I don't want to use the role and membership provider I want to cache these somehow or put them in the right cookie similar but not have to stub out all the interface methods with Not implemented etc.
0
Comment
Question by:sbornstein2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 18

Expert Comment

by:Gary Davis
ID: 39197727
Caching can help reduce hits to Sql Server dramatically for the case you describe and many others. Use the Asp.Net Cache object to save the user's information. Prior to accessing Sql, retrieve the cache's info and if null, call Sql to get it and then stick the response fields into cache for next time. The cache key is important - it should identify the parameters passed to Sql such as the UserID.

The cache object should be set to expire in a few minutes with a sliding expiration which will keep it in cache as long as the user keeps requesting it (every page, probably). If the user changes his password, you should expire or update the cache object.

Possible useful: http://forums.asp.net/t/1004454.aspx

Gary Davis
0
 
LVL 16

Expert Comment

by:Stephan
ID: 39199638
If you use formsauthentication you can set userdata in the formsauthenticationticket
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx

This userdata object is of type string.

Another way I mostly use is HttpContext.Current.Items and add a item to this collection on each request (so you can access it multiple times in the same request/context).

You can also cache the user object in the HttpContext.Current.Cache to prevent more round trips to the database.
http://msdn.microsoft.com/en-us/library/system.web.caching.cache.aspx
Make sure that the cache objects are identified with a key you can recreate like "GetUserById_1"
0
 

Author Comment

by:sbornstein2
ID: 39200036
I am using Windows Auth then I take the User.Identity.Name and query sql server to validate if the user is valid in a table called User then I enumerate through a Role table in SQL server.   I am not sure exactly best place to store first the user was validated and then second the roles.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:Stephan
ID: 39200348
So if I understand this correctly, you are using identity impersonation and not through NTLM?

So the user is automaticly authenticated if it is inside the domain? and there is no login screen for the user?

If you are using a login screen (for example; NTLM), you can get the roles once and set them in the authenticationtoken and retrieve them without calling the sql database.
0
 

Author Comment

by:sbornstein2
ID: 39201157
Correct Stephan.   IIS has anonymous disabled and windows auth enabled.   I don't want to lock down only certain users to the server or via AD etc.   So anyone can hit the site but the SQL User table is where I am going to validate if the user has access to the site.  I store the user domain username in that table.  So I think compare the User.Identity.Name against that table to validate the user is valid or not.   Then I store roles in a Roles table.   Two things I am looking at now is the CustomIdentity and CustomPrincipal as I was hoping to leverage maybe the IsAuthenticated but of course the User context this is always set to true and I can't change it.    I am also wondering if I should look into using claims but that seems overkill only because I have a total of 40 users and it is all inside the firewall Intranet based only.
0
 
LVL 16

Accepted Solution

by:
Stephan earned 2000 total points
ID: 39201177
Well, that the user is authenticated because he is identified as a user is true. So that should be ok. What you can do is working only with roles. That a user should have "User" as role for all pages.

You can setup a custom roleprovider:
http://msdn.microsoft.com/en-us/library/317sza4k(v=vs.90).aspx

What you can do also is getting the roles of the user (if it exists) and set them into a cookie (make sure it is encrypted so they cannot change it).

then use that cookie to implement the custom roleprovider
0
 

Author Closing Comment

by:sbornstein2
ID: 39244755
thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question