Context.Cache Http Modules AuthenticateRequest

Hi all I need a little advise!



I've implemented an http module that registers a delegate with the
AuthenticateRequest event. In this function I retrieve the IIS server
variable LOGON_USER which I then do an AD query to locate the user. What I
started to do was rather than searching for the user on every request I'd
cache it.



The problem I've noticed is that the module handles AuthenticateRequest for
any and every request (including CSS Style Sheets, images etc) so I
potentially end up with n threads entering the function all clambering to
access the cache to retrieve the identity based on the LOGON_USER server
variable. When I need to create the identity I have to lock access to the
cache (or I'd end up with lots of AD queries for each request thread) the
problem with locking however is I'm stopping page requests that potentially
don't need a security token images, CSS, xml etc.



Is it acceptable to lock on a global object when adding objects to the
cache? Should I look at locking on a per user object also in the cache? So I
limit holding up other requests for other users?



Robert.


===================================
This list is hosted by DevelopMentor®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com