I have MyRoleProvider
implemented and access works normally, if the logged in user does not have the registered rule it does not allow access.
The problem is that with each access to an action with the authorization attribute it takes all the rules again, as we have control per screen plus modules each user has 80 ~ 200 rules.
public string[] GetRolesForUser(string login)
{
using (Contexto db = new Contexto())
{
var usuario = db.Usuario.FirstOrDefault(m => m.DS_USUARIO == login);
string[] roles = usuario.Regras.Select(m => m.DS_REGRA).ToArray();
return roles;
}
}
I noticed that in MyRoleProvider
there is a method called IfUserInRole
where the login and the desired rule passes and it seems that this method is not called by the authorization attribute.
How can I prevent GetRolesForUser
from being called for each request?
I know I could make a custom attribute of Authorize and do the direct verification, I already did it, just for the knowledge I'm asking the question!