Search code examples
c#asp.net-mvcperformanceasp.net-identityidentity

Ignore Authentication Validation for static files in ASP.NET Identity

I use asp.net identity 2 in my application for implement Identity system. When I Profile my application with EF Profiler.

I see some problem that it is connected to the database in per static file request. this is so bad for performance and page loading speed. enter image description here

for solving this problem I write following code:

Global.asax

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (shouldIgnoreRequest())
            return;
        if (Context.User == null)
            return;
    }
    private bool shouldIgnoreRequest()
    {
        string[] reservedPath =
        {
            "/__browserLink",
            "/favicon.ico",
            "/img",
            "/css"
            ,"/w",
            "/js"
        };
        var rawUrl = Context.Request.RawUrl;
        if (reservedPath.Any(path => rawUrl.StartsWith(path, StringComparison.OrdinalIgnoreCase)))
        {
            return true;
        }
        return BundleTable.Bundles.Select(bundle => bundle.Path.TrimStart('~'))
            .Any(bundlePath => rawUrl.StartsWith(bundlePath, StringComparison.OrdinalIgnoreCase));
    }

RouteConfig.cs

  routes.IgnoreRoute("img/{*pathinfo}");
  routes.IgnoreRoute("js/{*pathinfo}");
  routes.IgnoreRoute("css/{*pathinfo}");
  routes.IgnoreRoute("{file}.gif");
  routes.IgnoreRoute("{file}.jpg");
  routes.IgnoreRoute("{file}.js");
  routes.IgnoreRoute("{file}.css");
  routes.IgnoreRoute("{file}.png");
  routes.IgnoreRoute("{file}.pdf");
  routes.IgnoreRoute("{file}.htm");
  routes.IgnoreRoute("{file}.html");
  routes.IgnoreRoute("{file}.swf");
  routes.IgnoreRoute("{file}.txt");
  routes.IgnoreRoute("{file}.xml");
  routes.IgnoreRoute("{*favicon}", new { favicon = @"(.*/)?favicon.ico(/.*)?" });

How Can I Ignore this requests for authentication?

Solution

  • Try customizing the OnValidateIdentity to ignore unwanted requests:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   // ...
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = context =>
        {
            if(shouldIgnoreRequest(context)) // How to ignore Authentication Validations for static files in ASP.NET Identity
            {
                return Task.FromResult(0);
            }
            return container.GetInstance<IApplicationUserManager>().OnValidateIdentity().Invoke(context);
        }
    },
    // ...
});

    Using this method

    private static bool shouldIgnoreRequest(CookieValidateIdentityContext context)
{
    string[] reservedPath =
    {
        "/__browserLink",
        "/img",
        "/fonts",
        "/Scripts",
        "/Content",
        "/Uploads",
        "/Images"
    };
    return reservedPath.Any(path => context.OwinContext.Request.Path.Value.StartsWith(path, StringComparison.OrdinalIgnoreCase)) ||
                       BundleTable.Bundles.Select(bundle => bundle.Path.TrimStart('~')).Any(bundlePath => context.OwinContext.Request.Path.Value.StartsWith(bundlePath,StringComparison.OrdinalIgnoreCase));
}