I know the difference between static and instance classes, methods, and properties. That's my issue - I don't understand how code like "var currentUser = Membership.GetUser(userName, true)" can work in a method like "public static bool ChangePassword(string
userName, string currentPassword, string newPassword)" in WebMatrix.WebData.WebSecurity. In a busy environment isn't there a danger that users could overrun each others' data in this routine? The only way I can see this could work is if the HttpRequest
is processed in isolation from other requests, but then why not make Controllers and Models static too? Alternately I guess some sort of lock could be set ensuring single threading through WebSecurity methods, but this seems needlessly expensive of resources.
My curiosity is not idle - I need to replace WebSecurity with my own security layer because my shop requires all database access go through stored procedures. I'll use a static class and static methods if I'm sure I won't have data corruption in production.
Could someone please explain the execution model that allows this? Thankx...
↧