3

I am doing custom authorization using a class derived from AuthorizeAttribute and decorating my controllers with it. Per my understanding, only 1 instance of this attribute class is created to serve all requests. Is this correct? I am using locking inside, so want to be sure it causes no bottlenecks due to a single instance.

PS: I am using locking to retain values between OnAuthorization() and AuthorizeCore() calls as per this answer https://stackoverflow.com/a/12879182

Community
  • 1
  • 1
komratanomin
  • 85
  • 1
  • 8
  • 1
    For all intents and purposes, you can assume that a single `AuthorizeAttribute` instance can service multiple controller actions each of which run in a different thread. I'm not sure that once instance serves *all* of them, but you can think of it that way if it helps. So yes, `lock`ing may bottleneck. It's like this with other action filters as well, not just the `AuthorizeAttribute`. – danludwig Mar 27 '15 at 09:47
  • In my case, `AuthorizeCore()` calls an external webservice to check user authorization and locking will not allow more than 1 call at a time. Then is there a better way to do this, like implementing it in my base controller class? – komratanomin Mar 27 '15 at 09:58
  • 1
    If you are locking around a blocking operation like a network (web service) call, then yes, that sounds like a performance impediment. Implementing in a base controller would at least get each network call isolated into its own thread (same as the action being invoked). – danludwig Mar 27 '15 at 10:01

0 Answers0