{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 劫难 的问题《IdentityServer4 too many calls cause performance i》','https://www.manongdao.com/q-248861.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am implementing a custom user store where my users provider lives in a separate service which I am reaching out using messaging.
The thing is GetProfileDataAsync and IsActiveAsync are getting called too many times (about 3 times each) causing messaging process to be launched each time.
Here is a simple implementation of IProfileService.
public class IdentityProfileService : IProfileService
{
private readonly UserManager<ApplicationUser> _userManager;
public IdentityProfileService (UserManager<ApplicationUser> userManager)
{
_userManager = userManager;
}
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
var user = await _userManager.FindBySubjectIdAsync(context.Subject.GetSubjectId());
if (user != null)
{
context.IssuedClaims = user.Claims;
}
}
public async Task IsActiveAsync(IsActiveContext context)
{
var sub = context.Subject.GetSubjectId();
var user = await _userManager.FindByIdAsync(sub);
context.IsActive = user != null;
}
}
My question is:
Is there a way to minimize the number of these calls? or can I check for some info that's existence means that there is no need to call _userManager.FindBySubjectIdAsync again?
The Profile Service is not called too many times, but it is called multiple times with a different context:
Each caller expects a different result. That is why you should filter the claims by the requested claim types:
That is why the access_token contains different claims than the identity_token.
You could minimize the calls by not requesting info from other endpoints than the access endpoint. But you can also check the caller and act differently for each caller. You can also give the token a longer lifetime so you won't need to refresh the token that ofter.