Wednesday, December 14, 2011

Cache and security trimming in SharePoint

If you use a cache in a SharePoint web application (I'm talking not only about the standard ASP.NET cache, but about caching in general), keep in mind that users with different permissions may see different content on the site. For example, if a custom web part crawls the site and all its sub sites for documents tagged with a particular managed metadata term, and you want to speed this up by adding caching, you must check whether the current user has access to a particular document before showing a link to it, even when the link comes from the cache. Developers often forget about this.

Consider the following example: user A, who has administrative permissions, visits the site. The web part crawls the sub sites, stores the results in the cache and displays them in the UI. Then user B, who has reader permissions, visits the same site. If the web part uses the cache that was filled for user A, user B may see documents that he can't access. The issue can be solved by adding SPContext.Current.Web.CurrentUser.ID to the cache key, so that different users have their own cache. If you are worried about the number of users, you can use a more general identifier, e.g. the group ID for users with similar permissions. In this case, users within one group will share the same cache. For users who belong to several groups, you should either create a cache for each possible combination of groups or use the cache of the most powerful group.
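
Both key strategies described above, as an added example that is not code from the original post. The `TrimmedCache` class, its method names and the `prefix` parameter are hypothetical, and the group-based key assumes that permissions are granted only through SharePoint groups.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Caching;
using Microsoft.SharePoint;

// Hypothetical helper (not from the original post): permission-aware cache keys.
public static class TrimmedCache
{
    // One cache entry per user: safest, but memory grows with the number of users.
    public static string UserKey(string prefix, SPWeb web)
    {
        SPUser user = web.CurrentUser;               // null for anonymous visitors
        string who = user == null ? "anonymous" : user.ID.ToString();
        return prefix + "|web:" + web.ID + "|user:" + who;
    }

    // One cache entry per exact combination of SharePoint groups.
    // Assumption: permissions are granted only through SharePoint groups; a user
    // who also has directly assigned permissions needs UserKey instead.
    public static string GroupKey(string prefix, SPWeb web)
    {
        SPUser user = web.CurrentUser;
        if (user == null) return prefix + "|web:" + web.ID + "|groups:anonymous";
        string[] ids = user.Groups.Cast<SPGroup>()
                           .Select(g => g.ID)
                           .OrderBy(id => id)        // same set of groups => same key
                           .Select(id => id.ToString())
                           .ToArray();
        // A user in no group must not share an entry with anyone else.
        if (ids.Length == 0) return UserKey(prefix, web);
        return prefix + "|web:" + web.ID + "|groups:" + string.Join(",", ids);
    }

    // Returns the cached value for the key, or runs the loader (as the current
    // user, so the result is already security trimmed) and caches what it returns.
    public static T GetOrAdd<T>(string key, Func<T> load, TimeSpan ttl) where T : class
    {
        T cached = HttpRuntime.Cache[key] as T;
        if (cached != null) return cached;
        T value = load();
        if (value != null)
            HttpRuntime.Cache.Insert(key, value, null,
                DateTime.UtcNow.Add(ttl), Cache.NoSlidingExpiration);
        return value;
    }
}
```

Entries filled before a permission change stay in the cache until they expire, so keep the lifetime passed as `ttl` short.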
