C# · 12mo ago
SwaggerLife

❔ Will this operation be expensive or not?

During a request, I'm checking whether a user is currently suspended or not. So during each request I'm hitting the database and getting the user.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;

builder.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        options.SaveToken = true;
        // Allows the metadata endpoint to be fetched over plain HTTP; keep this to development.
        options.RequireHttpsMetadata = false;
        options.Events = new JwtBearerEvents
        {
            // Runs after the token itself has been validated, once per authenticated request.
            OnTokenValidated = async context =>
            {
                var claimsPrincipal = context.Principal;
                if (claimsPrincipal == null)
                {
                    context.Fail("Access denied");
                    return;
                }

                // The user id is expected in the NameIdentifier claim and must be a GUID.
                var claim = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
                if (string.IsNullOrEmpty(claim) || !Guid.TryParse(claim, out _))
                {
                    context.Fail("Access denied.");
                    return;
                }

                // Database lookup on every request: reject deleted or suspended users.
                var userManager = context.HttpContext.RequestServices.GetRequiredService<UserManager<User>>();
                var user = await userManager.FindByIdAsync(claim);

                if (user == null || user.IsSuspended)
                {
                    context.Fail("Access denied.");
                }
            }
        };
    });
```
It just feels like this is not the right way?
5 Replies
JakenVeina · 12mo ago
nah, it's fine
odds are your database and app are co-located, so the latency isn't gonna be a huge deal
if you OBSERVE performance issues with this, due to request volume, then you just add a caching layer
SwaggerLife · 12mo ago
Yeah the app and database are co-located. Will I need to live in my car though? Is it going to be expensive money wise 🤣 😁
JakenVeina · 12mo ago
no idea, honestly
Buffdude1100 · 12mo ago
Totally fine, your user id column is certainly indexed, the lookup will be super fast - can always add caching later if you have millions of requests or something
Accord · 12mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
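
The caching layer the replies mention, as an added example that is not code from the thread: it wraps the same `FindByIdAsync` lookup in `IMemoryCache` and shows the security trade-off, namely that the cache lifetime is how long a suspended user can keep using a valid token. `SuspensionCache`, the 30-second TTL and the stand-in `User` class are assumptions made for the illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Memory;

// Stand-in for the poster's entity so the example compiles on its own (assumption).
public class User : IdentityUser
{
    public bool IsSuspended { get; set; }
}

// Hypothetical helper. Register with builder.Services.AddMemoryCache() and
// builder.Services.AddScoped<SuspensionCache>(), then resolve it in OnTokenValidated
// from context.HttpContext.RequestServices in place of UserManager<User>.
public sealed class SuspensionCache
{
    // Worst-case delay before a suspension takes effect if Invalidate is not called.
    private static readonly TimeSpan Ttl = TimeSpan.FromSeconds(30); // assumed value

    private readonly IMemoryCache _cache;
    private readonly UserManager<User> _users;

    public SuspensionCache(IMemoryCache cache, UserManager<User> users)
    {
        _cache = cache;
        _users = users;
    }

    private static string Key(string userId) => $"suspended:{userId}";

    // True when the request may proceed. Unknown users are denied, as in the original check.
    public async Task<bool> IsAllowedAsync(string userId)
    {
        var denied = await _cache.GetOrCreateAsync(Key(userId), async entry =>
        {
            entry.AbsoluteExpirationRelativeToNow = Ttl;
            var user = await _users.FindByIdAsync(userId);
            return user == null || user.IsSuspended;
        });
        return !denied;
    }

    // Call from the code path that suspends, reinstates or deletes a user so the
    // change applies on the next request instead of after the TTL.
    public void Invalidate(string userId) => _cache.Remove(Key(userId));
}
```

`IMemoryCache` is per process, so `Invalidate` only clears the entry on the instance that handled the suspension; other instances keep serving the cached value until the TTL expires.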