IsInRole Performance Issue

  • Thread starter David Nicholson - SP/A Shaw Cablesystems
  • Start date
D

David Nicholson - SP/A Shaw Cablesystems

Hi,
We have a very large AD here and I am noticing that the WindowsPrinciple
IsInRole function is taking upwards of 1 second to respond with just a single
user. I am assuming that this function re-queries the AD everytime. When it
reaches about 50 users each query is taking > 10 seconds. Is there anyway to
cache the AD query and still use the IsInRole?
Thanks :)
 
G

Gabriel Lozano-Morán

Do you get performance problems when the number of roles a user is in is
higher than the magic number 23 ?

Gabriel Lozano-Morán
 
J

Joe Gilkey

Gabriel said:
Do you get performance problems when the number of roles a user is in
is higher than the magic number 23 ?

Gabriel Lozano-Moran

Try using the CacheRolesInCookie property on the Roles class (ASP.NET
2.0).
 
J

Joe Kaplan \(MVP - ADSI\)

Hey Todd!

That's a great post. Thanks for putting that together.

I really like your approach of resolve the role into a SID and check that
directly against the token instead of the other way around. It is very
common for the application to be interested in a pretty small number of
different groups/roles, so it really makes sense to do it this way.

Another behavior that I've noticed is that tends to affect performance is
that the ASP.NET model creates a new WindowsIdentity/WindowsPrincipal object
for each request instead of reusing an existing one. The internal hashtable
that holds the resolved group names needs to get reinitialized for each
request, which can also be slow. Simply caching the WindowsPrincipal and
reusing will make subsequent calls IsInRole MUCH faster.

This doesn't address the issue of the slow initial resolution like your code
does. I was just pointing out another subtle issue with the current model.

Thanks again!

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top