
  • Norbert Haberl 32 posts 115 karma points
    Nov 15, 2017 @ 09:15
    Norbert Haberl
    0

    Where to store member related security object globally

    Hello,

    I have built some complex custom security which I use within my controllers (Mvc & WebApi) and Views. Currently it's based on database but I do not wanna hit the database every time a check occurs ... so my idea was to save a SecurityObject to the session of the member but that's not accessible in WebApi.

    My goal would be to extend the UmbracoHelper with IsAuthorized(...) and in the background the current login is checked against my security.

    Maybe put a global object into cache where the whole database is mirrored?

    Thanks a lot!

  • David Peck 687 posts 1863 karma points c-trib
    Nov 15, 2017 @ 12:06
    David Peck
    0

    Dan's writing something as I type. In case it is different, you can enable the Sessions State: https://stackoverflow.com/questions/22354774/enable-session-in-web-api-2

  • Dan Diplo 1554 posts 6205 karma points MVP 5x c-trib
    Nov 15, 2017 @ 12:13
    Dan Diplo
    1

    To avoid hitting the database every time you could cache the authorisation request. Umbraco has some helper methods to make this easy, which are documented here: https://our.umbraco.org/Documentation/Reference/Cache/updating-cache

    Example:

    private AuthorisationResponse PerformAuthorisationDatabase(string username)
    {
        // your custom database logic to authorise
        return new AuthorisationResponse();
    }
    
    public AuthorisationResponse AuthoriseUser(string username)
    {
        AuthorisationResponse authorised = ApplicationContext.ApplicationCache.RuntimeCache.GetCacheItem(username, 
            () => PerformAuthorisationDatabase(username)) as AuthorisationResponse;
    
        return authorised;
    }
    
    public class AuthorisationResponse
    {
        public bool IsAuthorised { get; set; }
    }
    

    Obviously change your methods to reflect what you use, but I hope you get the gist.

  • Norbert Haberl 32 posts 115 karma points
    Dec 05, 2017 @ 15:38
    Norbert Haberl
    0

    Sorry for being late :-) ... I didn't get any notification on this! Cache sounds good but where is the best place to fill it and reset it if anything changes in the backend?

    I guess the most transparent way would be the Authenticate event of the forms auth module but is it accessible in Umbraco?

    I guess it's a common use case to log in again if anything changes in security...?!

  • Dan Diplo 1554 posts 6205 karma points MVP 5x c-trib
    Dec 05, 2017 @ 16:00
    Dan Diplo
    100

    The GetCacheItem method has overloads that take a TimeSpan so you can set an explicit time limit on how long something is cached for. So you could just cache for 20 mins or something, then after that it would hit DB again and then re-cache new result.

    You can also explicitly clear an item from the cache by calling ClearCacheItem(username) (where username is your cache key). You can hook this into Umbraco application events etc.
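
The two suggestions in the reply above (a time-limited cache entry plus an explicit clear from an application event), combined into one sketch. This is an added example, not code from the thread; it assumes Umbraco 7, and `MemberAuthorisationCache`, `AuthorisationCacheEvents`, `LoadFromDatabase`, the key prefix and the choice of the `MemberService.Saved` event are hypothetical names and choices made for illustration.

```csharp
using System;
using Umbraco.Core;
using Umbraco.Core.Cache;
using Umbraco.Core.Models;
using Umbraco.Core.Services;

public class AuthorisationResponse
{
    public bool IsAuthorised { get; set; }
}

public static class MemberAuthorisationCache
{
    // Prefix (assumed name) so a username can never collide with another runtime cache key.
    private const string KeyPrefix = "MemberAuthorisation_";
    // The lifetime is the upper bound on how long a revoked permission keeps working.
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);

    public static AuthorisationResponse AuthoriseUser(string username)
    {
        if (string.IsNullOrWhiteSpace(username))
            return new AuthorisationResponse { IsAuthorised = false }; // fail closed, never cached

        return ApplicationContext.Current.ApplicationCache.RuntimeCache
            .GetCacheItem<AuthorisationResponse>(
                KeyPrefix + username, () => LoadFromDatabase(username), Lifetime);
    }

    public static void Invalidate(string username)
    {
        ApplicationContext.Current.ApplicationCache.RuntimeCache
            .ClearCacheItem(KeyPrefix + username);
    }

    private static AuthorisationResponse LoadFromDatabase(string username)
    {
        // Placeholder for the custom database check; denies by default.
        return new AuthorisationResponse { IsAuthorised = false };
    }
}

// Picked up automatically by Umbraco 7 at startup.
public class AuthorisationCacheEvents : ApplicationEventHandler
{
    protected override void ApplicationStarted(
        UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
    {
        // Assumption: saving a member in the back office is what changes their rights.
        MemberService.Saved += (sender, e) =>
        {
            foreach (IMember member in e.SavedEntities)
                MemberAuthorisationCache.Invalidate(member.Username);
        };
    }
}
```

The runtime cache lives in the memory of each web server, so in a load-balanced setup `Invalidate` clears only the server that handled the save and the other servers rely on the lifetime expiring. If the security data is changed outside Umbraco's member editor, call `Invalidate` from that code path as well.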

  • Norbert Haberl 32 posts 115 karma points
    Dec 06, 2017 @ 07:25
    Norbert Haberl
    0

    Yes, that's a good choice, thanks a lot!
