I am a bit lost using Authentication with MVC...
I´m looking for the best option to use in a big E-Commerce site, where the performance is top priority...
The two options I´m looking until now are :
Cache the Authentication data, like that :
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
// Get Forms Identity From Current User
FormsIdentity id = FormsIdentity)HttpContext.Current.User.Identity;
// Create a custom Principal Instance and assign to Current User (with caching)
Customer principal = (Customer)HttpContext.Current.Cache.Get(id.Name);
if (principal == null)
{
// Create and populate your Principal object with the needed data and Roles.
principal = MyBusinessLayerSecurityClass.CreatePrincipal(id, id.Name);
HttpContext.Current.Cache.Add(
id.Name,
principal,
null,
System.Web.Caching.Cache.NoAbsoluteExpiration,
new TimeSpan(0, 30, 0),
System.Web.Caching.CacheItemPriority.Default,
null);
}
HttpContext.Current.User = principal;
}
}
}
}
Caching sample here
What you guys think?
Thanks
A more MVCish way to achieve this is to write a custom AuthorizeAttribute and perform this in an overriden OnAuthorization method instead of using Application_AuthenticateRequest
.
This being said I think that your implementation is quite good. As an alternative of storing the additional information into the cache you could store it in the userData
part of the authentication ticket if this information is not very large of course. Both approaches are viable. If you decide to go with caching I would recommend you offloading it to dedicated cache servers instead of storing it in the memory of the web servers.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With