User permissions calling all rules at each access

Question

User permissions calling all rules at each access

Asked 10 years, 2 months ago

Viewed 116 times

1

I have a MyRoleProvider implemented and access works normal, if the logged-in user does not have the rule registered he does not allow access.

The problem is that at each access to an action with the authorization attribute it takes all the rules again, as we have control per screen plus modules each user has 80~200 rules.

public string[] GetRolesForUser(string login)
    {
        using (Contexto db = new Contexto())
        {
            var usuario = db.Usuario.FirstOrDefault(m => m.DS_USUARIO == login);

            string[] roles = usuario.Regras.Select(m => m.DS_REGRA).ToArray();

            return roles;
        }
    }

I noticed that in the MyRoleProvider there is a method called IfUserInRole where you pass the login and the desired rule and it seems that this method is not called by the authorization attribute.

How can I prevent GetRolesForUser be called to each request?

I know I could do a custom attribute of Authorize and do the direct check, I already did, just for knowledge I’m asking the question!

1 answer

Browser other questions tagged asp.net-mvc asp.net-membership authorization

You are not signed in. Login or sign up in order to post.

by Leonel Sanches da Silva • **88,623** points · Answer 1 · 2014-08-25T20:37:06+00:00

In fact what happens is that Lazy Load is being called to the extreme.

Switch to the next:

public string[] GetRolesForUser(string login)
{
    using (Contexto db = new Contexto())
    {
        var usuario = db.Usuario.Include(u => u.Regras).FirstOrDefault(m => m.DS_USUARIO == login);

        return usuario.Regras.Select(m => m.DS_REGRA).ToArray();
    }
}

This makes the database load the rules as a JOIN and not as several separate sentences.