我们在我们的 ASP.NET 网站中使用 securityTrimming 并使用站点地图来显示/隐藏菜单。但问题是对于每个回帖,它都会不断地进入这个类并通过 IsAccessibleToUser 方法。
由于我们使用的是活动目录组,这确实是一个性能问题。(当第一次调用从 AD 获取组时,我已经缓存了组(用户所属的),但执行此方法仍然需要时间。
如果有人建议我使用其他方法来提高此方法的性能,或者不为每个回帖调用此方法,那就太好了。到目前为止,据我所知,此方法会自动从站点地图和菜单中执行。
网络配置:
<siteMap defaultProvider="CustomSiteMapProvider" enabled="true">
<providers>
<clear/>
<add siteMapFile="Web.sitemap" name="CustomSiteMapProvider" type="xxx.CustomSiteMapProvider"
description="Default SiteMap provider." securityTrimmingEnabled="true"/>
</providers>
</siteMap>
类文件..
public class CustomSiteMapProvider : System.Web.XmlSiteMapProvider
{
public override bool IsAccessibleToUser(System.Web.HttpContext context, System.Web.SiteMapNode node)
{
// return true false depend on user has access to menu or not.
// return UserIsInRole(string role, string userName);
}
}
这就是我们从 AD 获取角色并缓存它们的方式。(我得到此代码的基础来自另一篇文章)
public class SecurityHelpler2 : WindowsTokenRoleProvider
{
/// <summary>
/// Retrieve the list of roles (Windows Groups) that a user is a member of
/// </summary>
/// <remarks>
/// Note that we are checking only against each system role because calling:
/// base.GetRolesForUser(username);
/// Is very slow if the user is in a lot of AD groups
/// </remarks>
/// <param name="username">The user to check membership for</param>
/// <returns>String array containing the names of the roles the user is a member of</returns>
public override string[] GetRolesForUser(string username)
{
// contain the list of roles that the user is a member of
List<string> roles = null;
// Create unique cache key for the user
string key = username.RemoveBackSlash();
// Get cache for current session
Cache cache = HttpContext.Current.Cache;
// Obtain cached roles for the user
if (cache[key] != null)
{
roles = new List<string>(cache[key] as string[]);
}
// is the list of roles for the user in the cache?
if (roles == null)
{
// create list for roles
roles = new List<string>();
Dictionary<string, string> groupNames = new Dictionary<string, string>();
// check the groups are available in cache
if (cache[Common.XXX_SEC_GROUPS] != null)
{
groupNames = new Dictionary<string, string>(cache[Common.XXX_SEC_GROUPS] as Dictionary<string, string>);
}
else
{
// if groups are not available in the cache get again
// here we are getting the valid group from web config
// also add to the cache inside this method
groupNames = Utility.GetRetailSecurityGroups();
}
// For each role, determine if the user is a member of that role
foreach (KeyValuePair<String,String> entry in groupNames)
{
if (base.IsUserInRole(username, entry.Value))
{
roles.Add(entry.Value);
}
}
// Cache the roles for 1 hour
cache.Insert(key, roles.ToArray(), null, DateTime.Now.AddHours(1), Cache.NoSlidingExpiration);
}
// Return list of roles for the user
return roles.ToArray();
}
}
}
最后我从 IsAccessibleToUser 方法调用以下方法。
/// <summary>
/// Get the usr role from the cache and check the role exists
/// </summary>
/// <param name="role"></param>
/// <param name="userName"></param>
/// <returns>return true if the user is in role</returns>
public static bool UserIsInRole(string role, string userName)
{
// contains the list of roles that the user is a member of
List<string> roles = null;
// Get cache for current session
Cache cache = HttpContext.Current.Cache;
string key = userName.RemoveBackSlash();
// Obtain cached roles for the user
if (cache[key] != null)
{
roles = new List<string>(cache[key] as string[]);
}
else
{
// if the cache is null call the method and get the roles.
roles = new List<string>(new SecurityHelpler2().GetRolesForUser(userName) as string[]);
}
if (roles.Count > 0)
{
return roles.Contains(role);
}
return false;
}