Reputation: 32828
Does asp.net do any caching when checking for [Authorize(Roles = "Student")]
I have a method that I would like to limit to use by people who have the role of "Student". I would like to explore different ways of doing this.
First I know I can decorate the method like this:
[Authorize(Roles = "Student")]
If I know the role of "Student" has a RoleId of 4 and if I know the user has a UserId of 2 then:
is decoration of the method more efficient than allowing every user into the role and then doing a select against my Identity 2 database to see if the user 2 has a roleId of 4 in the AspNetUserRoles table.
As an FYI I am using WebAPI with ASP.Net Identity 2.1 and token bearer authentication. All my users access through web browser front-end. If there is no caching but a way to switch on caching I would appreciate advice from anyone who could help advise me on how to use this if it is not enabled by default.
Upvotes: 2
Views: 89
Answers (1)
Reputation: 2862
You can enable the caching feature of the Role Provider from web.config using CacheRolesInCookie. See this link for more details.
Alternately you can always override the default Role Provider (see this link for more details), but I guess this is not exactly what you are looking after...
Upvotes: 2
Related Questions
- MVC 5: Custom AuthorizeAttribute and Caching
- Smart caching for custom AuthorizeAttribute in ASP.NET
- Authorization and ASP.NET MVC Caching
- ASP.Net client caching on authenticated pages
- Cache database results in WebAPI authentication
- Does Role Provider cache per request?
- MVC 3 partial caching
- Does this method do what it says it will do (prevent the page from being cached)?
- ASP.NET MVC and role caching?
- ASP.NET MVC Caching vary by authentication