Kendo Menu Security Trimming Calling Authorize excessively

3 posts, 0 answers
  1. Micah Marshall
    Micah Marshall avatar
    2 posts
    Member since:
    Apr 2009

    Posted 17 Oct 2014 Link to this post


    I am using the Kendo Menu (through a bound site map, although the issue is also present if used through the helper class directly) and have noticed an issue with the menu calling our AuthorizationRoles attribute multiple times per item in the list.

    There are 3 items in an example site map:
      <siteMapNode  title="" description="">
        <siteMapNode title="Home" controller="Home" action="Index"></siteMapNode>
        <siteMapNode title="Person" controller="People" action="Person" >
          <siteMapNode title="Manage Person" controller="People" action="ManagePerson"></siteMapNode>

    The People controller is quite large and contains 64 public Actions which all has our Authorize Attribute.  Home has 0 Actions with Authorize Attributes.
    For each load of the page, the Authorize attribute gets called 128 times for the menu alone.  Playing around with it, it gets called x times y amount where x is the number of methods with an authorize attribute in a given controller and y is the number of sitemap nodes referencing that controller.

    Does anyone know if there is something I'm doing incorrectly or some way to fix the trimming so it only hits the action it's pointing to and not the entire controller for each item on the list?  We cache this item to speed it up, but in production it's making over 1000 calls to this function per page load and is quite intensive.

    Current Razor used to generate the menu:
            .BindTo("WebSiteMap", (item, siteMapNode) => { })

    Thanks for your help!
  2. Micah Marshall
    Micah Marshall avatar
    2 posts
    Member since:
    Apr 2009

    Posted 17 Oct 2014 Link to this post

    Just saw -'debug'-mode

    It might be related to this which would make some sense.
  3. Georgi Krustev
    Georgi Krustev avatar
    3747 posts

    Posted 21 Oct 2014 Link to this post

    Hi Micah,

    In general, the built-in security trimming functionality uses the ASP.NET MVC Authorization (uses the authorization attributes if there are any). This means that Menu will call the corresponding authorization attributes for every menu item that has a define Action method. This is a slow operation and that is why is cached, but only in release mode. Give a try the Troubleshooting section and let me know if the problem still persists.

    Georgi Krustev

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

Back to Top