Does asp.net do any caching when checking for [Authorize (Roles = "Student")]
I have a method that I would like to restrict for use by people who are playing the "Student" role. I would like to explore different ways of doing this.
At first I know I can decorate the method like this:
[Authorize(Roles = "Student")]
If I know that the "Student" role has a RoleId of 4, and if I know that the user has a UserId of 2, then:
is a decorating method more efficient than each user in a role allows, then picking against my Identity 2 database to see if user 2 has a roleId value of 4 in the AspNetUserRoles table.
As FYI I am using WebAPI with ASP.Net Identity 2.1 and bearer authentication. All my users access through the web browser interface. If there is no caching, but a way to enable caching, I would advise anyone who could advise me on how to use this if it is not enabled by default.
source to share
You can enable role provider caching functionality from web.config with CacheRolesInCookie
. See this link for details .
Alternatively, you can always override the default role provider (see this link for more details), but I think this is not really what you care about ...
source to share