User permissions calling all rules with each access

1

I have MyRoleProvider implemented and access works normally, if the logged in user does not have the registered rule it does not allow access.

The problem is that with each access to an action with the authorization attribute it takes all the rules again, as we have control per screen plus modules each user has 80 ~ 200 rules.

public string[] GetRolesForUser(string login)
    {
        using (Contexto db = new Contexto())
        {
            var usuario = db.Usuario.FirstOrDefault(m => m.DS_USUARIO == login);

            string[] roles = usuario.Regras.Select(m => m.DS_REGRA).ToArray();

            return roles;
        }
    }

I noticed that in MyRoleProvider there is a method called IfUserInRole where the login and the desired rule passes and it seems that this method is not called by the authorization attribute.

How can I prevent GetRolesForUser from being called for each request?

  

I know I could make a custom attribute of Authorize and   do the direct verification, I already did it, just for the knowledge   I'm asking the question!

    
asked by anonymous 25.08.2014 / 22:27

1 answer

0

In fact what happens is that Lazy Load is being called to the extreme.

Change to the following:

public string[] GetRolesForUser(string login)
{
    using (Contexto db = new Contexto())
    {
        var usuario = db.Usuario.Include(u => u.Regras).FirstOrDefault(m => m.DS_USUARIO == login);

        return usuario.Regras.Select(m => m.DS_REGRA).ToArray();
    }
}

This causes the database to load the rules as a JOIN and not as several separate statements.

    
25.08.2014 / 22:37