I have an issue with Roles.IsUserInRole function. It take hell amount of time to just check if the logged-in user is in particular role(typ 3-9 sec). I searched to find a solution and arrived on this but I am not sure If I have fully grasped it.
What I got from the above, A new derived class is created. Inside that class, there is a list which retrieves all user at once. The next time you check IsUserInRole, you do not use the actual IsUserInRole method but rather use the one you overrode in your class. Is this the correct description? Am I on track?
My question is, can data be share between two different users in ASP.NET application? If yes, will the shared data exist only if there is at least one user logged in. If all users logs out, that shared data is destroyed? My point is this data will be created only one time whenever a user logs in. For all subsequent users they can use this data and check their roles against the list? I need a detailed answer.
My application has users and different roles. We are using ASP.NET roles.
Best Answer
As @Quagmire said, yes you can share data between your users, and the best choice would be to use the Application scope (see How To Store Data in the Application Scope).
That way, you don't need to cache anything.
However, I have a remark. I don't know enough about the application you are writing, but be careful about storing user roles, and never refreshing that information. If the user roles change in your database (or place where you are storing these information), your application would need to be restarted for these changes to be known... Not very pretty.
If the user roles never change,
Applicationis good enough. However, if they change, there is a better solution, use ASP.NET's caching infrastructure. You can even define sliding and absolute expiration that will effectively remove the user roles information from the cache at some point.I checked out the article linked by @KenHenderson, and he basically does that except that he sets no sliding/absolute expiration which means the cache never gets refreshed.
What I would do is attempt to improve his nice solution by setting a sliding expiration time of 30 minutes. After thirty minutes without activity, the information is removed from the cache, and the next time the user connects to your application, the user roles are refreshed.