In my app I'd like to add functionality for admins to go to a specific screen and make certain controllers/methods available for certain roles. Right now I'm using a built-in role check like
    [Authorize(Roles = "APUL_Admin")]
So I changed that to be [AuthorizeExtended()]
and I'm implementing it like this:
    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeExtended : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Run the built-in check first (authenticated user, Users/Roles if set).
            var isAuthorized = base.AuthorizeCore(httpContext);
            if (!isAuthorized)
            {
                return false;
            }
            // Point of interest **HERE**
            return true;
        }
    }
which is all pretty standard.
At this point (see HERE above), from HttpContextBase I know the user's roles, and the controller and method. And I can go to the DB and make sure those roles have access to this controller/action.
Here is my problem: I don't want to go to the database for every request, since it is slow and it is a lot of overhead for the DB. What's the best way to deal with that? Cache it? I'm looking for implementation details.
Any help is appreciated. Thank you!
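One way to cache the lookup the question describes, as an added example that is not part of the original post: the role map is held in MemoryCache with a short lifetime, dropped when an admin saves a change, and any action missing from the map is denied. PermissionCache, Loader, the cache key and the 5-minute lifetime are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Caching;
using System.Web;
using System.Web.Mvc;

// Hypothetical helper: the database is read once per expiry window, not once per request.
public static class PermissionCache
{
    private const string Key = "role-permissions";                   // assumed cache key
    private static readonly TimeSpan Ttl = TimeSpan.FromMinutes(5);  // assumed lifetime
    private static readonly object Gate = new object();
    // Assumption: set at startup to a function that reads the admin-edited table and
    // returns "Controller/Action" -> allowed roles (keys compared with OrdinalIgnoreCase).
    public static Func<IDictionary<string, ISet<string>>> Loader { get; set; }
    public static IDictionary<string, ISet<string>> Get()
    {
        var map = MemoryCache.Default.Get(Key) as IDictionary<string, ISet<string>>;
        if (map != null) return map;
        lock (Gate) // only one thread reloads after expiry
        {
            map = MemoryCache.Default.Get(Key) as IDictionary<string, ISet<string>>;
            if (map == null)
            {
                map = Loader(); // if this throws, the request errors out instead of passing
                MemoryCache.Default.Set(Key, map, DateTimeOffset.UtcNow.Add(Ttl));
            }
            return map;
        }
    }
    // Call from the admin screen after saving, so a revoked role loses access right away.
    public static void Invalidate() { MemoryCache.Default.Remove(Key); }
}

public class AuthorizeExtended : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext)) return false;
        var route = httpContext.Request.RequestContext.RouteData;
        var key = route.GetRequiredString("controller") + "/" + route.GetRequiredString("action");
        ISet<string> allowed;
        // Deny by default: an action with no entry in the map is not accessible.
        return PermissionCache.Get().TryGetValue(key, out allowed)
            && allowed.Any(role => httpContext.User.IsInRole(role));
    }
}
```

MemoryCache is per process, so on a web farm Invalidate() only clears the node that handled the admin's save; the other nodes keep the old map until the lifetime expires, which makes that lifetime the upper bound on how long a revoked permission stays usable.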