User permissions calling all rules at each access

Asked

Viewed 116 times

1

I have a MyRoleProvider implemented and access works normal, if the logged-in user does not have the rule registered he does not allow access.

The problem is that at each access to an action with the authorization attribute it takes all the rules again, as we have control per screen plus modules each user has 80~200 rules.

public string[] GetRolesForUser(string login)
    {
        using (Contexto db = new Contexto())
        {
            var usuario = db.Usuario.FirstOrDefault(m => m.DS_USUARIO == login);

            string[] roles = usuario.Regras.Select(m => m.DS_REGRA).ToArray();

            return roles;
        }
    }

I noticed that in the MyRoleProvider there is a method called IfUserInRole where you pass the login and the desired rule and it seems that this method is not called by the authorization attribute.

How can I prevent GetRolesForUser be called to each request?

I know I could do a custom attribute of Authorize and do the direct check, I already did, just for knowledge I’m asking the question!

1 answer

0


In fact what happens is that Lazy Load is being called to the extreme.

Switch to the next:

public string[] GetRolesForUser(string login)
{
    using (Contexto db = new Contexto())
    {
        var usuario = db.Usuario.Include(u => u.Regras).FirstOrDefault(m => m.DS_USUARIO == login);

        return usuario.Regras.Select(m => m.DS_REGRA).ToArray();
    }
}

This makes the database load the rules as a JOIN and not as several separate sentences.

  • Great, but do you think it pays to bring all the rules in the same way? The Ifuserinrole method should be called in my opinion, I do not know why it is not used.

  • IsInRole flame GetRolesForUser.

  • Incidentally, http://msdn.microsoft.com/en-us/library/system.web.security.roleprincipal.isinrole(v=vs.110). aspx

  • I’m going to take a look at this Roleprincipal my role Provider extendia http://referencesource.microsoft.com/#System.Web.Applicationservices/Security/Roleprovider.Cs

Browser other questions tagged

You are not signed in. Login or sign up in order to post.