I'm having some trouble understanding the basic concepts of locking in a multi-user / web application. When a user gets authorized by our federation, he'll return with a username claim, which we'll then use to retrieve some extra info about him like so:
我在理解锁定多用户/ Web应用程序的基本概念时遇到了一些麻烦。当用户获得我们联合会的授权时,他将返回一个用户名声明,我们将使用该声明来检索有关他的一些额外信息,如下所示:
var claimsIdentity = (ClaimsIdentity)HttpContext.Current.User.Identity;
if(!claimsIdentity.HasClaim(CustomClaims.UserId)) //If not set, retrieve it from dataBase
{
//This can take some time
var userId = retrieveUserId(claimsIdentity.FindFirst(ClaimTypes.NameIdentifier));
//Because the previous call could take some time, it's possible we add the claim multiple time during concurrent requests
claimsIdentity.AddClaim(new Claim(CustomClaims.UserId, userId));
}
As indicated in the code, having duplicate claims isn't really what I'm looking for, so I thought I'd lock everything around the check whether the claim exists or not:
如代码中所示,具有重复的声明并不是我正在寻找的,所以我想我会锁定检查周围是否存在声明:
private static readonly object _authorizeLock = new object();
...
lock(_authorizeLock)
{
if(!claimsIdentity.HasClaim(CustomClaims.UserId)) //If not set, retrieve it from dataBase
{
...
}
}
However, this doesn't feel right. Wouldn't this lock be for all incoming requests? This would mean that even authorized users would still have to "wait", even though their info has already been retrieved.
但是,这感觉不对。这个锁不会适用于所有传入的请求吗?这意味着即使已经检索到他们的信息,即使是授权用户仍然必须“等待”。
Does anybody have an idea how I could best deal with this?
有没有人知道我怎么能最好地处理这件事?
1 个解决方案
#1
0
Answer 1: Get over it and live with duplicate entries.
答案1:克服它并使用重复的条目。
Answer 2: If you have sessions turned on you get implicit locking between requests from the same user (session) by accessing the session storage. Simply add a dummy
答案2:如果您打开了会话,则可以通过访问会话存储来获得来自同一用户(会话)的请求之间的隐式锁定。只需添加一个假人
Session["TRIGGER_SESSION_LOCKING_DUMMY"] = true
Answer 3: Implement some custom locking on an object indexed by your Identity. Something like this
答案3:对您的Identity索引的对象实施一些自定义锁定。像这样的东西
lock(threadSafeStaticDictionary[User.Identity.Name]) { ... }
Answer 4: Lock on the Identity object directly (which should be shared since you get duplicates) (though it is not recommended)
答案4:直接锁定Identity对象(由于您获得重复,应该共享)(尽管不建议这样做)
lock(User.Identity)
#1
0
Answer 1: Get over it and live with duplicate entries.
答案1:克服它并使用重复的条目。
Answer 2: If you have sessions turned on you get implicit locking between requests from the same user (session) by accessing the session storage. Simply add a dummy
答案2:如果您打开了会话,则可以通过访问会话存储来获得来自同一用户(会话)的请求之间的隐式锁定。只需添加一个假人
Session["TRIGGER_SESSION_LOCKING_DUMMY"] = true
Answer 3: Implement some custom locking on an object indexed by your Identity. Something like this
答案3:对您的Identity索引的对象实施一些自定义锁定。像这样的东西
lock(threadSafeStaticDictionary[User.Identity.Name]) { ... }
Answer 4: Lock on the Identity object directly (which should be shared since you get duplicates) (though it is not recommended)
答案4:直接锁定Identity对象(由于您获得重复,应该共享)(尽管不建议这样做)
lock(User.Identity)