Can I start the MVC Mini Profiler in the PostAuthorizeRequest method?

Question

I'm using the MVC Mini Profiler and I'm only showing the profiler for authenticated users who are in the "Profiler" role. The example shipping in MiniProfiler.cs was using the AuthenticateRequest method to determine if it should stop profiling, but I switched mine to use the PostAuthorizeRequest (after reading this question) so that I could get access to the IPrincipal and IsInRole method. Can I just start the profiler in the PostAuthorizeRequest method, or should I continue to Stop and discard the results in the PostAuthorizeRequest? What is the overhead to starting and stopping the profiler for every request?

Current Code:

public void Init(HttpApplication context)
{
    context.BeginRequest += (sender, e) =>
    {
        MiniProfiler.Start();
    };

    context.PostAuthorizeRequest += (sender, e) =>
    {
        var user = ((HttpApplication)sender).Context.User;

        if (user == null || !user.Identity.IsAuthenticated || !user.IsInRole("Profiler"))
        {
            MvcMiniProfiler.MiniProfiler.Stop(discardResults: true);
        }
    };

    context.EndRequest += (sender, e) =>
    {
        MiniProfiler.Stop();
    };
}

Proposed Code:

public void Init(HttpApplication context)
{
    context.PostAuthorizeRequest += (sender, e) =>
    {
        var user = ((HttpApplication)sender).Context.User;

        if (user != null && user.Identity.IsAuthenticated && user.IsInRole("Profiler"))
        {
            MiniProfiler.Start();
        }
    };

    context.EndRequest += (sender, e) =>
    {
        MiniProfiler.Stop();
    };
}

score 6 · Accepted Answer · answered Aug 29 '11 at 23:01

6

You can abandon your profiling results at any time using the call:

MiniProfiler.Stop(discardResults: true);

At StackOverflow our "high performance" pattern is:

Write a "secretish" cookie for all authorized authenticated users.
If you find the cookie in Application_BeginRequest - MiniProfiler.Start();
After PostAuthorizeRequest:


if (MiniProfiler.Current != null && !userReallyAuthenticated) 
    MiniProfiler.Stop(discardResults: true);

Your goal is always to start profiling as early as possible, and stop profiling as late as possible. If you only start in the middle of the pipeline, portions of the pipeline where bottlenecks may reside will not be profiled.

answered Aug 29 '11 at 23:01

Sam Saffron

128,308
78
326
506

Okay, so you only start the profiler when the cookies exists (which could be set when they login), then do the real verification in PostAuthorizeRequest. – Austin Aug 30 '11 at 13:39
@Austin ... yes ... that is the least impact way – Sam Saffron Aug 30 '11 at 23:11
Great, thanks! I'm really enjoying the MiniProfiler, incredibly helpful. – Austin Aug 31 '11 at 14:05

score 1 · Answer 2 · answered Aug 29 '11 at 19:04

1

I think starting the profiler as early as possible is important (otherwise you could be missing some key information, such as if the authentication process it self takes a while, or if some HTTP module has issues).

Since the BeginRequest event occurs prior to anything else occurring with the request, this makes it the ideal place to begin profiling, then decide if you want to keep the profiled data at a later step (PostAuthorize, in your case).

answered Aug 29 '11 at 19:04

Kyle Trauberman

25,414
13
85
121

That makes sense, my concern is that most of my users will not see the profiler and so I'm wondering how much overhead having the profiler run from BeginRequest to PostAuthorizeRequest will create. – Austin Aug 29 '11 at 20:22
I don't have details about the overhead, but i doubt its very much, especially if you discard the profiled data when stopping the profiler (pass true to the Stop() method, I think). – Kyle Trauberman Aug 29 '11 at 20:50
1

You could always profile the profiler to get profiled data regarding the profiler's profiled data. – Kyle Trauberman Aug 29 '11 at 20:52

Can I start the MVC Mini Profiler in the PostAuthorizeRequest method?

2 Answers2