IdentityServer4调用过多会导致性能问题 [英] IdentityServer4 too many calls cause performance issue

问题描述

我正在实现一个自定义用户商店，我的用户提供程序位于其中，我通过消息传递与我的用户联系.

I am implementing a custom user store where my users provider lives in a separate service which I am reaching out using messaging.

问题是GetProfileDataAsync和IsActiveAsync被调用太多次(每次大约3次)，导致每次启动消息传递过程.

The thing is GetProfileDataAsync and IsActiveAsync are getting called too many times (about 3 times each) causing messaging process to be launched each time.

这是IProfileService的简单实现.

Here is a simple implementation of IProfileService.

public class IdentityProfileService : IProfileService
{
    private readonly UserManager<ApplicationUser> _userManager;

    public IdentityProfileService (UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {

        var user = await _userManager.FindBySubjectIdAsync(context.Subject.GetSubjectId());
        if (user != null)
        {
            context.IssuedClaims = user.Claims;
        }
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        var sub = context.Subject.GetSubjectId();
        var user = await _userManager.FindByIdAsync(sub);
        context.IsActive = user != null;
    }
}

我的问题是:

有没有办法减少这些电话的数量?还是我可以检查是否存在一些信息，这意味着无需再次调用_userManager.FindBySubjectIdAsync?

Is there a way to minimize the number of these calls? or can I check for some info that's existence means that there is no need to call _userManager.FindBySubjectIdAsync again?

推荐答案

配置文件服务不会被调用太多，但是会在不同的上下文中被多次调用:

The Profile Service is not called too many times, but it is called multiple times with a different context:

• 对于访问令牌Context.Caller = ClaimsProviderAccessToken.
• 用于身份令牌Context.Caller = UserInfoEndpoint.

每个呼叫者期望一个不同的结果.因此，您应该按要求的索赔类型过滤索赔:

Each caller expects a different result. That is why you should filter the claims by the requested claim types:

public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    var sub = context.Subject.GetSubjectId();
    var user = await _userManager.FindByIdAsync(sub);
    var principal = await _claimsFactory.CreateAsync(user);

    var claims = principal.Claims.Where(claim => context.RequestedClaimTypes.Contains(claim.Type)).ToList();

    context.IssuedClaims = claims;
}

这就是为什么access_token包含与identity_token不同的声明的原因.

That is why the access_token contains different claims than the identity_token.

您可以通过不从访问端点以外的其他端点请求信息来最大程度地减少呼叫.但是，您也可以检查呼叫者，并对每个呼叫者采取不同的操作.您还可以延长令牌的使用寿命，这样就不需要刷新令牌了.

You could minimize the calls by not requesting info from other endpoints than the access endpoint. But you can also check the caller and act differently for each caller. You can also give the token a longer lifetime so you won't need to refresh the token that ofter.

这篇关于IdentityServer4调用过多会导致性能问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！