2

I am writing a ASP.NET ApiController that is hosted on IIS. In an action I need to invoke a Web Service named A provided by a company named Tencent. The service requires that I use a key to authenticate. The key is generate by calling another web interface, named B from Tencent and key is valid for 3 hours. Service B has a limitation on calls per day. Therefore I can't call B whenever I want to use A. I can only call B once and store the key in the database for future use.

That means every time I want to use Service A, I need to check the validation of key from database, and if it's expired, call B and get a new one.

Now, when I need to renew my key by calling B, what if before a new key is returned, the ApiController action is called again? The new request would also find that the key in database is stale, then goes on calling B again, invalidating A's newly gained key, causing A to fetch key again, endless loop.

My questions is, how do you get rid of this kind of worry? How do I start? From SQL or IIS or ASP.NET?

I am reading/writing database with EF6 and using ASP.NET MVC 5.

Thanks for your help!

-- Complement -- I was advised to use lock keyword. However I want to have a peace of mind knowing that lock will safe guard the database read/write piece across all IIS requests. So is there any article about how IIS handles multiple requests to the same ASP.NET module and concurrency control on that?

Lionet Chen
  • 832
  • 11
  • 26
  • A Lock will safe guard the read write across all iis request in a single app pool. This will be fine for an application which runs on a single instance. However to fully cover all bases please use a transaction and check a last modified/expiry date before allowing the update to take place. SQL server will then use the transactions to lock the row at the DB level see https://technet.microsoft.com/en-us/library/aa213039%28v=sql.80%29.aspx for more info on SQL server transactions – Stig Sep 18 '15 at 10:09

1 Answers1

1

Use a lock around the code in question. The lock keyword ensures that one thread does not enter a critical section of code while another thread is in the critical section. If another thread tries to enter a locked code, it will wait, block, until the object is released.

See https://msdn.microsoft.com/en-us/library/c5kehkcz.aspx

If it’s in a clustered environment they you will also need to create a transaction at the database level, which will check the last updated/expiry before performing an update.

Stig
  • 1,169
  • 1
  • 9
  • 12
  • 1
    Hi Stig, the two request is from IIS so they are not under the same context. Does a lock work across two different IIS request? I thought each request is handled by different process. – Lionet Chen Sep 15 '15 at 11:57
  • See http://stackoverflow.com/questions/6029804/how-does-lock-work-exactly for more info. In short a lock will ensure all threads accessing the locked functionality queue until the release on the lock is triggered. – Stig Sep 15 '15 at 12:00
  • Do you mean that all IIS requests are processed under the same scope which lock keyword have control on? Does the lock object need to be static / global or would a local object work? – Lionet Chen Sep 15 '15 at 12:30
  • I would lock the item using a simple object and ensure that it is private/static. This will allow its state to be shared between all instances of the class whilst preventing the object being modified from outside the class. Have a look at http://stackoverflow.com/questions/28274150/ecommerce-items-management/28276416#28276416 as an example which I describe a way to prevent multiple orders getting the same order number in an ecommerce system. – Stig Sep 15 '15 at 12:40