Is this Custom Principal in Base Controller ASP.NET MVC 3 terribly inefficient?

Question

Despite the fact that I\'ve been on here for a while, this is my first ever question on SO, so please be gentle with me.

I\'m using ASP.NET MVC 3 and I

Answer 1

No - there is nothing specifically wrong with this code from a performance stand point that stands out. PLENTY of objects are creating on the back end in ASP.NET, your single object is a drop in the bucket. Since class instantiation is extremely fast I wouldn't be concerned about it.

Why are you ignoring sessions here? Session information doesn't have expiration dates, so there is no extra check behind the scenes. Unless you are using an out of proc session server, there is no serialization of your object (none with the cache either). The cache is for every user - so you right a chance (albeit slight) of a code error returning the wrong principal where a cache being per user - does not run the risk of that.

If you want this available for all requests there (not just MVC based) I would consider setting this in Application_PostAuthenticateRequest

Answer 2

This post may be of use. Notice the use of userdata in the authentication ticket.

ASP.NET MVC - Set custom IIdentity or IPrincipal