Should I cache a WindowsIdentity object in a MVC app? If so, what's the best way to do it?

Question

I'm currently generating a WindowsIdentity object in my MVC application and I'd ideally would like to cache it so I won't be hitting the AD on every request; The problem is that I often get the exception: "Safe Handle has been closed"

I've read somewhere that this error pops up because after the request ends, IIS closes the handle of the thread principal (in this case a windows principal that I instantiate using the cached windows identity).

Cutting to the point, should I be caching this object? is caching the token a better idea? Or should I give up on the idea of caching any of those?

Thanks in advance!

What do you mean with "generate a WindowsIdentity" - that's typically done by IIS - not application code. Unless you are using Win32 LogonUser. — leastprivilege, Jul 14 '15 at 07:07

score 0 · Accepted Answer · answered Jul 17 '15 at 07:08

If you are using LogonUser to create Windows tokens - there is already some optimization and caching going on in the Windows kernel.

I would stay away from trying to optimize that, and as you already noticed, you should leave handle management to the OS.

Should I cache a WindowsIdentity object in a MVC app? If so, what's the best way to do it?

1 Answers1