如何停止调用Sitemap提供程序IsAccessibleToUser每个帖子

时间:2012-09-21 08:58:23

标签: asp.net sitemap sitemapprovider

我们在ASP.NET网站中使用securityTrimming并使用站点地图显示/隐藏菜单。但问题在于每个帖子都会继续进入这个课程并通过 IsAccessibleToUser方法。

由于我们使用的是活动目录组,因此它确实是一个性能问题。 (当我从AD获取组时第一次调用时,我已经缓存了组(用户所属的组),但仍需花时间执行此方法。

如果某些机构建议我改进此方法的性能,或者不为每个帖子调用此方法,那将会很棒。截至目前,据我了解,此方法自动从站点地图和菜单执行。

的Web.config:

<siteMap defaultProvider="CustomSiteMapProvider" enabled="true">
      <providers>
        <clear/>
        <add siteMapFile="Web.sitemap" name="CustomSiteMapProvider" type="xxx.CustomSiteMapProvider"
                   description="Default SiteMap provider."  securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>

班级档案.. 

public class CustomSiteMapProvider : System.Web.XmlSiteMapProvider
    {

        public override bool IsAccessibleToUser(System.Web.HttpContext context,    System.Web.SiteMapNode node)
        {
          // return true false depend on user has access to menu or not.
          // return UserIsInRole(string role, string userName);
        }
    }

这就是我们从AD获取角色并缓存它们的方式。 (我得到了这段代码的基础来自另一篇文章)

public class SecurityHelpler2 : WindowsTokenRoleProvider
    {
        /// <summary>
        /// Retrieve the list of roles (Windows Groups) that a user is a member of
        /// </summary>
        /// <remarks>
        /// Note that we are checking only against each system role because calling:
        /// base.GetRolesForUser(username);
        /// Is very slow if the user is in a lot of AD groups
        /// </remarks>
        /// <param name="username">The user to check membership for</param>
        /// <returns>String array containing the names of the roles the user is a member of</returns>
        public override string[] GetRolesForUser(string username)
        {
            // contain the list of roles that the user is a member of
            List<string> roles = null;


            // Create unique cache key for the user
            string key = username.RemoveBackSlash();

            // Get cache for current session
            Cache cache = HttpContext.Current.Cache;

             // Obtain cached roles for the user
             if (cache[key] != null)
             {
                roles = new List<string>(cache[key] as string[]);
             }

            // is the list of roles for the user in the cache?
            if (roles == null)
            {
                // create list for roles 
                roles = new List<string>();
                Dictionary<string, string> groupNames = new Dictionary<string, string>();


                // check the groups are available in cache
                if (cache[Common.XXX_SEC_GROUPS] != null)
                {
                    groupNames = new Dictionary<string, string>(cache[Common.XXX_SEC_GROUPS] as Dictionary<string, string>);
                }
                else
                {
                    // if groups are not available in the cache get again
            // here we are getting the valid group from web config  
                    // also add to the cache inside this method
                    groupNames = Utility.GetRetailSecurityGroups();
                }

                // For each  role, determine if the user is a member of that role
                foreach (KeyValuePair<String,String> entry in groupNames)
                {
                    if (base.IsUserInRole(username, entry.Value))
                    {
                        roles.Add(entry.Value);
                    }
                }

                // Cache the roles for 1 hour
                cache.Insert(key, roles.ToArray(), null, DateTime.Now.AddHours(1), Cache.NoSlidingExpiration);

            }

            // Return list of roles for the user
            return roles.ToArray();
        }
    }
}

最后我从IsAccessibleToUser方法调用了以下方法。

/// <summary>
    /// Get the usr role from the cache and check the role exists
    /// </summary>
    /// <param name="role"></param>
    /// <param name="userName"></param>
    /// <returns>return true if the user is in role</returns>
    public static bool UserIsInRole(string role, string userName)
    {
        // contains the list of roles that the user is a member of
        List<string> roles = null;

        // Get cache for current session
        Cache cache = HttpContext.Current.Cache;
        string key = userName.RemoveBackSlash();

        // Obtain cached roles for the user
        if (cache[key] != null)
        {
            roles = new List<string>(cache[key] as string[]);
        }
        else
        {
            // if the cache is null call the method and get the roles.
            roles = new List<string>(new SecurityHelpler2().GetRolesForUser(userName) as string[]);
        }

        if (roles.Count > 0)
        {
            return roles.Contains(role);
        }

        return false;
    }

2 个答案:

答案 0 :(得分:0)

根据SiteMapProvider的设计,始终会调用IsAccessibleToUser。如果不是要调用它,则必须缓存前一个调用的结果。 SiteMapProvider无法决定在您的情况下是否正确缓存结果。这是你的决定。您需要的任何缓存都必须在您的实现中。

我相信您从Active Directory获取数据的功能在SecurityHelpler2().GetRolesForUser

对此函数的任何调用都会非常慢。从缓存中获取的其余代码应该非常快。

由于您的缓存仅在1小时内有效,因此用户点击的每小时都会非常慢。

如果您已经了解您网站的用户(而且数量不是很大),为了加快速度,您可以为所有用户预加载Cache。对于活跃用户,滑动过期会更好。这样,用户将具有相同的角色,直到它们处于活动状态。在下次登录时,将从Active目录中加载较新的角色。

答案 1 :(得分:-1)

我建议您实施自定义IAclModule,而不是覆盖提供商。在本单元中,您可以为IsAccessibleToUser方法编写任何逻辑。同样的结果,更优雅。

请在此处查看示例:https://github.com/maartenba/MvcSiteMapProvider/wiki/Security-Trimming

相关问题
最新问题