Looping through IAzApplication IAzRoles collection too slow

1
votes

I have this simple code which loops through all the apps in Azman and all their roles. It works great when I have no users assigned to the Roles. But the moment I assign users (2 of the roles have like 7000 users), the app hangs in foreach(IAzRole in _azApp.Roles) code...basically the moment you access the Roles collection it hangs and takes like 40 minutes to come out of it. This is totally unacceptable. Can anyone point me to a solution ? All I want is the list of role assignment names, why is the role assignments slowing this down...?

PS: All my users are in ADAM and Azman store is in ADAM as well. I have also tried looping through IAzTasks (roledefinition=1), but that is slow too.

    public override string[] GetAllRoles()
    {
        List<string> rolesList = new List<string>();
        foreach (IAzApplication2 _azApp in AZManStore.Applications)
        {
            foreach (IAzRole role in _azApp.Roles)
            {
                //Weird that Roles are retrieved using tasks collection
                if (!rolesList.Exists(delegate(string x) { return x == role.Name; }))
                    rolesList.Add(role.Name);
            }
        }

        return rolesList.ToArray();
    }
1
asp.netadamazman
Have you tried moving the 7000 users into a group (either AzMan group or Active Directory group) and assigning that group to the role? I'm completely guessing here, but I would think each role assignment creates a new object inside of ADAM, so your 7000 users turn into 7000 role assignments. If those 7000 are in 1 group and that group is assigned to the role, maybe that only creates 1 role assignment in ADAM?hawkke
That is an interesting thought..so when I need to unassign a user from that role, I take him out of the group instead?StackThis
Yep, that's the idea. We use Active Directory groups here at work, but we don't have anything near that magnitude of users so it's all just theory if it has any performance benefits. You'll have to try it out and let me know :)hawkke
I tried your approach. Ended up creating groups for all the roles and assigning groups to the roles instead. In the end every role had one assignment only. This made a slight difference in the reads...but the writes were as slow as earlier. Because now, when I want to assign a user a role, I have to add him to the group that is tied to the role. When this group has 7K users, the slowness returns with a vengeance :(StackThis

1 Answers

1
votes

Answering this question myself. I finally found out that caching the handle to Azman is what was needed to make it fast even when Azman was file based. I added a property like below to my custom AzmanProvider to accomplish this. And this brought down the role assignment time to 2 seconds!!

    public AzAuthorizationStoreClass AZManStore
    {
        get
        {
            if (_azManStore == null)
            {                    
                _azManStore = new AzAuthorizationStoreClass();
                _azManStore.Initialize(0, this.ConnectionStringName, null);
            }
            return _azManStore;
        }
    }