问题描述
我正在使用 WindowsTokenRoleProvide
r 来确定 ASP.NET Web 应用程序中的 Active Directory 组成员身份.
I'm using WindowsTokenRoleProvide
r to determine Active Directory group membership in an ASP.NET web application.
我的问题是性能不好,尤其是当用户在多个组中时.例如,我在 253(!) 个组中,WindowsTokenRoleProvider
需要大约 150 秒来确定我在哪些组中.
My problem is that performance is not good, especially when a user is in many groups. As an example, I am in 253(!) groups, and WindowsTokenRoleProvider
is taking around 150 seconds to determine what groups I am in.
我知道我可以使用缓存,这样就不会在对用户的后续请求中执行此操作,但显然在第一次点击时花费这么长时间是不可接受的.
I know I can use caching so that this isn't done on subsequent requests for a user, but obviously it isn't acceptable to take that long on the first hit.
我有哪些选择?我可以强制 WindowsTokenRoleProvider
只考虑某些组吗?(我只对 5 个感兴趣).
What are my options? Can I force WindowsTokenRoleProvider
to only consider certain groups? (I'm only interested in 5).
推荐答案
一些测试表明我的问题是调用:
Some testing has revealed that my problem is that calling:
正在访问 RoleProvider
中的方法 GetRolesForUser
- 该方法检索用户所属的每个角色的详细信息.
is accessing the method GetRolesForUser
in the RoleProvider
- which is retrieving details of every role the user is a member of.
但是打电话:
确定用户是否在组中 - 无需检索用户所在的每个角色的详细信息.
determines whether or not the user is in the group - without retrieving the details of every role the user is in.
很奇怪,但看起来使用 Roles.Provider.IsUserInRole
可以解决我的问题.
Weird, but it looks like using Roles.Provider.IsUserInRole
will solve my problem.
* 更新 *
事实证明,这只是部分解决方法;如果我使用命令式权限检查,或者在 web.comfig 中使用允许"和拒绝",那么 WindowsTokenRoleProvider
仍然会继续并且 缓慢 获取用户所属的每个组的详细信息:o(
It turns out that this is just a partial workaround; if I use imperative permission checks, or 'allow' and 'deny' in web.comfig, then WindowsTokenRoleProvider
still goes and slowly gets details of every group the user is a member of :o(
所以我的问题仍然存在......
So my question still stands...
* 更新 *
我通过创建一个从 WindowsTokenRoleProvider 扩展并覆盖 GetRolesForUser
的类解决了这个问题,因此它只检查配置中指定的角色的成员资格.它也包括缓存:
I solved this by creating a class that extends from WindowsTokenRoleProvider and overriding GetRolesForUser
so it only checks for membership of roles specified in the configuration. It includes caching too:
这篇关于WindowsTokenRoleProvider 的性能不佳的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!