UserManager and SecurityContext disposing

Dec 7, 2013 at 10:26 AM
Edited Dec 7, 2013 at 10:27 AM
I noticed few things:

You are holding SecurityContext instance in static member for all application lifetime in WebSecurity class with userManager property. Wouldn't it be correct to use a context instance per request when working with Web applications and dispose of the context when it is no longer required. Also in some situation you possible may end up with orphaned entity status when using separate context instances in UserManager and UoW for security context. Is it would be much safer to share same instance of context in UoW and UserManager?

Also i can't find where SecurityContext get been disposed? Despite UnitOfWork class has Dispose methode it never be called in WebSecurity class.
Dec 31, 2013 at 3:02 PM
The userManager property does not hold a static instance of the SecurityContext; it is "newed" each time you call this static property. It is working more like a factory and may not be the best way to use a property. It is just a shortcut for the long string of code required to create a new UserManager instance.

You are correct that the UnitOfWork instances were not getting disposed correctly. I made a bad assumption that the Dispose method would be called when they went out of scope. I have fixed this issue by putting the UnitOfWork instances in a using statement. You do not have to call Dispose directly and this is the better way to handle it so that they are properly disposed when an exception occurs. You can get this fix in the latest release.