Question
I'm working on a portalsystem to share information and documents etc. Each user can have mulitple profiles. Each profile can have different roles and permissions thereby. Now everything is working fine, but I have a question about the MembershipProvider and MembershipUser.
I'm using a custom MembershipProvider and MembershipUser in combination with OpenAccess ORM.
I rely a lot on the (CustomMembershipUser)Membership.GetUser(). For example I build a usermenu where they can see as which user they are logged in and from which profiles they can choose.
To build this menu and collect the groups, roles and permissions for the current profile there are a lot of calls to the Membership.GetUser() from different locations in the code. I first cached the user and returned this based on the ProviderUserKey, but I was told this is unsafe. So I removed the caching, but it was much faster. Is there an alternative, best practice for this?
Solution
There is no 100% solution for your situation, either you have your results cached, either you calculate it every time. The compromiss is to configure cache policies very careful, if caching cause risk your application.
Afaik, caching cause risks in very rare situation, only if you have to apply changes immediately. Consider using some advanced caching policies like cache dependency.
OTHER TIPS
Session is an appropriate solution based on your description. It is safe enough. HttpContext.Items["MembershipUser"] only keep the user information within one http request while session retain information until session expire.
Cache, however is per application instead per user
https://stackoverflow.com/questions/13490708
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian