user.isinrole 和 IsInRoleAsync(TUser user, string role) 的区别

Question

I am from a MVC background and Have just started working on ASP.Net Core. I am using Identity for Authentication.

For Authorization, In MVC I used to use:

if(User.IsInRole("TestRole"))

In .Net Core, it seems like :

if(await IsInRoleAsync(User,"TestRole"))

From my initial impressions, It looks like MVC used to check in the claims where as Core checks from the database every single time. Am I correct in my assumption and that there is a DB trip every time the method is called in Core?

If it is checking from the DB every time, would it not be an expensive operation and how is it any beneficial from the claims check?

Answer 1

Identity now relies on the implementation by the UserStore<TUser> assigned to the UserManager<TUser> in use. If you use the Entity Framework package, the UserStore<TUser> implementation always checks against the database.

You can create your own UserStore<TUser> and check against the Controller.User 's Claims property or even perform some sort of caching after getting the claims the first time. It's up to you what you use and how you cache/refresh those values.

Notice that the previous implementations performed a synchronous database call if the Claims weren't already retrieved, so you should be thankful it now is IsInRoleAsync .

Answer 2

From the Source Code you can see that It is using DbSet

public TContext Context { get; private set; }

private DbSet<TUser> UsersSet { get { return Context.Set<TUser>(); } }
private DbSet<TRole> Roles { get { return Context.Set<TRole>(); } }
private DbSet<TUserClaim> UserClaims { get { return Context.Set<TUserClaim>(); } }
private DbSet<TUserRole> UserRoles { get { return Context.Set<TUserRole>(); } }
private DbSet<TUserLogin> UserLogins { get { return Context.Set<TUserLogin>(); } }
private DbSet<TUserToken> UserTokens { get { return Context.Set<TUserToken>(); } }