C
C#17mo ago
V0FBU1VM

❔ Will this operation be expensive or not?

During a request, I'm checking whether a user is currently suspended or not. So during each request I'm hitting the database and getting the user 
builder.Services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.SaveToken = true;
                options.RequireHttpsMetadata = false;
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = async context =>
                    {
                        var claimsPrincipal = context.Principal;
                        if (claimsPrincipal == null)
                        {
                            context.Fail("Access denied");
                            return;
                        }

                        var claim = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
                        if (string.IsNullOrEmpty(claim) || !Guid.TryParse(claim, out _))
                        {
                            context.Fail("Access denied.");
                            return;
                        }
                        
                        var userManager = context.HttpContext.RequestServices.GetRequiredService<UserManager<User>>();
                        var user = await userManager.FindByIdAsync(claim);

                        if (user == null || user.IsSuspended)
                        {
                            context.Fail("Access denied.");
                        }
                    }
                };
builder.Services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.SaveToken = true;
                options.RequireHttpsMetadata = false;
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = async context =>
                    {
                        var claimsPrincipal = context.Principal;
                        if (claimsPrincipal == null)
                        {
                            context.Fail("Access denied");
                            return;
                        }

                        var claim = claimsPrincipal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
                        if (string.IsNullOrEmpty(claim) || !Guid.TryParse(claim, out _))
                        {
                            context.Fail("Access denied.");
                            return;
                        }
                        
                        var userManager = context.HttpContext.RequestServices.GetRequiredService<UserManager<User>>();
                        var user = await userManager.FindByIdAsync(claim);

                        if (user == null || user.IsSuspended)
                        {
                            context.Fail("Access denied.");
                        }
                    }
                };
It just feel like this is not the right way?
5 Replies
JakenVeina
JakenVeina17mo ago
nah, it's fine odds are your database and app are co-located, so the latency isn't gonna be a huge deal if you OBSERVE performance issues with this, due to request volume, then you just add a caching layer
V0FBU1VM
V0FBU1VMOP17mo ago
Yeah the app and database are co-located. Will I need to live in my car though? Is it going to be expensive money wise 🤣 😁
JakenVeina
JakenVeina17mo ago
no idea, honestly
Buffdude1100
Buffdude110017mo ago
Totally fine, your user id column is certainly indexed, the lookup will be super fast - can always add caching later if you have millions of requests or something
Accord
Accord17mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server