与WindowsTokenRoleProvider性能下降 [英] Poor Performance with WindowsTokenRoleProvider
问题描述
我用 WindowsTokenRoleProvide
研究,以确定在ASP.NET Web应用程序的Active Directory组成员。
I'm using WindowsTokenRoleProvide
r to determine Active Directory group membership in an ASP.NET web application.
我的问题是,表现并不好,尤其是当用户在多个组。举个例子,我在253(!)组和 WindowsTokenRoleProvider
正在约150秒,以确定我在什么组。
My problem is that performance is not good, especially when a user is in many groups. As an example, I am in 253(!) groups, and WindowsTokenRoleProvider
is taking around 150 seconds to determine what groups I am in.
我知道我可以使用缓存,这样,这是不是对用户的后续请求完成,但显然它会持续多长时间上的第一个命中是不能接受的。
I know I can use caching so that this isn't done on subsequent requests for a user, but obviously it isn't acceptable to take that long on the first hit.
我有什么选择?我可以强制 WindowsTokenRoleProvider
只考虑某些群体? (我只关心在5)。
What are my options? Can I force WindowsTokenRoleProvider
to only consider certain groups? (I'm only interested in 5).
推荐答案
一些测试显示,我的问题是,调用:
Some testing has revealed that my problem is that calling:
Roles.IsUserInRole(groupName)
正在访问的 RoleProvider
的方法 GetRolesForUser
- 每一个角色被检索的详细信息的用户是一个成员的。
is accessing the method GetRolesForUser
in the RoleProvider
- which is retrieving details of every role the user is a member of.
但呼吁:
Roles.Provider.IsUserInRole(groupName)
确定用户是否是该组中 - 而不检索的每一个角色的用户是在细节
determines whether or not the user is in the group - without retrieving the details of every role the user is in.
怪异,但它看起来像使用 Roles.Provider.IsUserInRole
将解决我的问题。
Weird, but it looks like using Roles.Provider.IsUserInRole
will solve my problem.
*更新*
事实证明,这仅仅是一个局部的解决办法;如果我使用必要的权限检查,或允许和拒绝在web.comfig,那么 WindowsTokenRoleProvider
还是去和慢慢的每一个获取详情集团用户中的一员:O(
It turns out that this is just a partial workaround; if I use imperative permission checks, or 'allow' and 'deny' in web.comfig, then WindowsTokenRoleProvider
still goes and slowly gets details of every group the user is a member of :o(
所以我的问题仍然有效...
So my question still stands...
*更新*
我通过创建一个从WindowsTokenRoleProvider扩展一个类并覆盖解决了这个 GetRolesForUser
所以它只能在配置中指定的角色的成员资格检查。它包含缓存太:
I solved this by creating a class that extends from WindowsTokenRoleProvider and overriding GetRolesForUser
so it only checks for membership of roles specified in the configuration. It includes caching too:
/// <summary>
/// Retrieve the list of roles (Windows Groups) that a user is a member of
/// </summary>
/// <remarks>
/// Note that we are checking only against each system role because calling:
/// base.GetRolesForUser(username);
/// Is _very_ slow if the user is in a lot of AD groups
/// </remarks>
/// <param name="username">The user to check membership for</param>
/// <returns>String array containing the names of the roles the user is a member of</returns>
public override string[] GetRolesForUser(string username)
{
// Will contain the list of roles that the user is a member of
List<string> roles = null;
// Create unique cache key for the user
string key = String.Concat(username, ":", base.ApplicationName);
// Get cache for current session
Cache cache = HttpContext.Current.Cache;
// Obtain cached roles for the user
if (cache[key] != null)
{
roles = new List<string>(cache[key] as string[]);
}
// Was the list of roles for the user in the cache?
if (roles == null)
{
roles = new List<string>();
// For each system role, determine if the user is a member of that role
foreach (SystemRoleElement role in WebConfigSection.Settings.SystemRoles)
{
if (base.IsUserInRole(username, role.Name))
{
roles.Add(role.Name);
}
}
// Cache the roles for 1 hour
cache.Insert(key, roles.ToArray(), null, DateTime.Now.AddHours(1), Cache.NoSlidingExpiration);
}
// Return list of roles for the user
return roles.ToArray();
}
这篇关于与WindowsTokenRoleProvider性能下降的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!