Performance Question

[A. Elamiri]

I am building a portal for a college. I have offices and departments divided
into groups, and within each group there is 3 different levels of Authority:
Director
Director Delegate
Content Creator

Access to certain folder is restricted to certain group, but at the same
time it can restricted by Authority level within that group also.

Which way would be more efficient and would cause the least impact in terms
of performance:
Setting roles in web.confg as <officename>-<authority level>. there are
about 40 different offices and departments, this would mean that in the
worst-case scenario I would have 40 x 3 = 120 Roles defined in the
web.config (I was concerned that it may be too much)

Second option would be to define under each restricted directory in the
AppSettings a MinimumAuthority appSettings key, so I would read that then
concatenate it with the Group name that the user belongs to and check if the
user is in that role. That would mean that in a worst-case scenario I would
only put 40 different group names in there

which way would be more efficient

 

[Alvin Bruney [MVP]]

In your case, it is not a matter of efficiency because reading the options
incur a disk I/O cost. Rather you should focus on maintainability. The
webconfig file stands out here because it can be edited by most anyone with
notepad experience. In addition, changes to the roles are immediately
applied thru an application restart. Not so with the appsettings.
Appsettings are read on app startup. This is easier for non-technical people
who do not necessarily want to mess with IIS internals to apply settings.

 

[A. Elamiri]

Changes are actually done from within the Web Application which edits the
Web.Config file. No one but Administrators have access to that feature.
So it wouldn't matter if I had 120 roles stored in the web.config? I was
thinking that maybe the more the roles the more time it will take for the
Authentication logic to check whether a user belongs to a role which is
authorized

--
Abdellah Elamiri
..net Developer
Efficacy through simplicity

In your case, it is not a matter of efficiency because reading the options
incur a disk I/O cost. Rather you should focus on maintainability. The
webconfig file stands out here because it can be edited by most anyone with
notepad experience. In addition, changes to the roles are immediately
applied thru an application restart. Not so with the appsettings.
Appsettings are read on app startup. This is easier for non-technical people
who do not necessarily want to mess with IIS internals to apply settings.

--
Regards,
Alvin Bruney [ASP.NET MVP]
Got tidbits? Get it here...
http://tinyurl.com/27cok

I am building a portal for a college. I have offices and departments
divided
into groups, and within each group there is 3 different levels of
Authority:
Director
Director Delegate
Content Creator

Access to certain folder is restricted to certain group, but at the same
time it can restricted by Authority level within that group also.

Which way would be more efficient and would cause the least impact in
terms
of performance:
Setting roles in web.confg as <officename>-<authority level>. there are
about 40 different offices and departments, this would mean that in the
worst-case scenario I would have 40 x 3 = 120 Roles defined in the
web.config (I was concerned that it may be too much)

Second option would be to define under each restricted directory in the
AppSettings a MinimumAuthority appSettings key, so I would read that then
concatenate it with the Group name that the user belongs to and check if
the
user is in that role. That would mean that in a worst-case scenario I
would
only put 40 different group names in there

which way would be more efficient