14

I tried to check if the user is in role at Application_BeginRequest and Application_AuthenticateRequest with this code and it will not work. At BeginRequest the code is never hit and Authenticate it's hit with some of the request and the profiler does not show up.

Checking only for Request.IsLocal works fine.

if(Request.IsAuthenticated)
{
  if(User.IsInRole("Admin");
    MiniProfiler.Start(); 
}

Any idea or why it's not working or better way to do it?

[Update] I accepted the awnser but undid it as I didn't quite get it do work

I did the following but the profiler is not showing up at first. After a few tries it started showing up, even when I tried to acess the site with incognito mode, so no cookie.

protected void Application_PostAuthorizeRequest(Object sender, EventArgs e)
{
        if (User.IsInRole("Admin"))
        {
            HttpCookie cookie =   HttpContext.Current.Request.Cookies.Get("RoleProfiler");
            if (cookie == null)
            {
                cookie = new HttpCookie("RoleProfiler");
                cookie.Value = "yes";
                cookie.Expires = DateTime.Now.AddDays(1d);
                Response.Cookies.Add(cookie);
            }
        }
 }

And I'm checking with

protected void Application_BeginRequest(Object sender, EventArgs e)
{            
        HttpCookie cookie = HttpContext.Current.Request.Cookies.Get("RoleProfiler");
        if ((cookie != null) && (cookie.Value == "yes") )
        {
            MvcMiniProfiler.MiniProfiler.Start();
        }
 }

And ending at the end of the request.

protected void Application_EndRequest()
{
        MvcMiniProfiler.MiniProfiler.Stop();
}

[Update2] Closing question, ignore this, I was being owned by outputcache.

Tadeu Maia
  • 1,194
  • 9
  • 20

3 Answers3

18

The cookie feanz mentions is a handy trick, a second method is profiling unconditionally and then abandoning the session for an unauthenticated user: 

protected void Application_BeginRequest()
{
   MvcMiniProfiler.MiniProfiler.Start();  
}
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
  if(!CurrentUserIsAllowedToSeeProfiler())
  {
    MvcMiniProfiler.MiniProfiler.Stop(discardResults: true);
  }
}
Sam Saffron
  • 128,308
  • 78
  • 326
  • 506
  • 9
    If you're using roles to determine access you need to do the check in `Application_PostAuthorizeRequest` (http://msdn.microsoft.com/en-us/library/system.web.httpapplication.postauthorizerequest.aspx). The roles module doesn't fire until after `AuthenticateRequest` is finished so `User.IsInRole("Profiler")` will always return `false` in `Application_AuthenticateRequest` – Adam Flanagan Jun 15 '11 at 07:39
  • @Adam ... its fine, you can abort the profiling results at any time in the request lifecycle ... also for extra low overhead you can only start profiling if a cookie is present, then double check and abandon if needed – Sam Saffron Jun 15 '11 at 07:41
8

Begin request happens before the user is fully authenticated in the request life cycle.

I solved this issue by adding a cookie if the user is in a role ("Admin" in your case) when the request is authenticated then you can check for this cookie on begin request and initialise the profiler.

It wont't work the first time but should every time after that.

Richard Forrest
  • 3,567
  • 2
  • 23
  • 32
5

This is my 2cent. 

        context.AcquireRequestState += (sender, e) =>
        {
            // Check debug in session. Can be set from Querystring. (?debug=true)
            if (HttpContext.Current.Session != null && HttpContext.Current.Session["Debug"] != null)
            {
                try{
                    bool debug = (bool)HttpContext.Current.Session["Debug"];
                    if (debug == true) 
                        MiniProfiler.Start();
                    else 
                        MiniProfiler.Stop(discardResults: true);
                }
                catch{ 
                    MiniProfiler.Stop(discardResults: true);
                }

            }// Or always show if Administrator.
            else if (HttpContext.Current.User != null && HttpContext.Current.User.Identity.IsAuthenticated)
            {
                bool admin = HttpContext.Current.User.IsInRole("Administrator");
                if (admin == false)
                {
                    MiniProfiler.Stop(discardResults: true);
                }
            }
            else
            {
                MiniProfiler.Stop(discardResults: true);
            }
        };
manav m-n
  • 11,136
  • 23
  • 74
  • 97
henrik
  • 51
  • 1
  • 1