I'm only a newcomer to ASP.NET MVC and am not sure how to achieve a certain task the "right way".
Essentially, I store the logged in userId in HttpContext.User.Identity and have written an EnhancedAuthorizeAttribute
to perform some custom authorization.
In the overriden OnAuthorization
method, my domain model hits the database to ensure the current user id can access the passed in routeValue "BatchCode". The prototype is:
ReviewGroup GetReviewGroupFromBatchCode(string batchCode);
It will return null if the user can't access the ReviewGroup and the OnAuthorization then denies access.
Now, I know the decorated action method will only get executed if OnAuthorization passes, but I don't want to hit the database a second time to get the ReviewGroup again.
I am thinking of storing the ReviewGroup in HttpContext.Items["reviewGroup"]
and accessing this from the controller at the moment.
Is this a feasible solution, or am I on the wrong path?
Thanks!