We are facing the issue during login process. when we have number of locations "AbpUserOrganizationUnits" (we have around 1500 Locations) and all of he locations is mapped to the users "AbpUserOrganizationUnits", The number of users are around 3000 this was working ok in our previous ABP 5 solution but after upgrading to Abp9 we found lot time it is taking top process the below code, around 3 minutes hence getting the timeout as well
In order top check this We have created a simple layered solution, and loaded with 2000 Locations. in this case we observed lo of time is taking at
As per our analysis we are suspecting on claims. This is very critial and makor concern.
3 Answer(s)
-
0
You are experiencing severe performance issues during login when users are mapped to a large number of organization units (e.g., 1500+ per user, 3000 users total) after upgrading to ABP 9.0. This is a known challenge when the claims principal is populated with a very large number of organization unit claims, as each claim is loaded and processed during authentication.
Solution & Recommendations
Claims Optimization:
- By default, ABP adds all organization unit IDs as claims to the user during login. With thousands of claims, this can cause significant performance degradation.
- You should avoid loading all organization unit claims into the user's principal if not strictly necessary for every request.
Recommended Approaches:
- Reduce Claims Count: Only add essential claims to the principal. If you only need to check organization membership occasionally, consider querying the database or using a cache instead of claims.
- Custom Claims Principal Factory: Override the
IUserClaimsPrincipalFactoryto limit or filter the organization unit claims added to the principal. - Use Data Filters: For data access, use ABP's data filtering and permission system instead of relying on claims for every organization unit.
- Paging or Caching: If you must check many organization units, implement paging or caching strategies outside the claims system.
Reference Implementation:
- See the official documentation for organization units and claims:
- See a similar performance issue and solution discussion:
Example: Custom Claims Principal Factory
public class MyUserClaimsPrincipalFactory : AbpUserClaimsPrincipalFactory { public MyUserClaimsPrincipalFactory( UserManager<IdentityUser> userManager, RoleManager<IdentityRole> roleManager, IOptions<IdentityOptions> optionsAccessor) : base(userManager, roleManager, optionsAccessor) { } protected override async Task AddOrganizationUnitsAsync(IdentityUser user, ClaimsIdentity identity) { // Only add a limited number of OUs, or none, or a summary claim // Example: Add only the first 10 OUs var organizationUnits = await UserManager.GetOrganizationUnitsAsync(user); foreach (var ou in organizationUnits.Take(10)) { identity.AddClaim(new Claim(AbpOrganizationUnitClaimType, ou.Id.ToString())); } } }- Register your custom factory in DI.
- ABP 9.x Changes:
- ABP 9 introduced some changes in claims and dynamic claims handling. If you have custom logic, review the upgrade notes and ensure your customizations are compatible.
Summary
- Do not add thousands of claims to the user principal.
- Use custom claims principal logic to limit claims.
- Use ABP's data filtering and permission system for organization unit checks.
- Review and optimize your login and claims logic for large-scale organization unit scenarios.
Sources:
- ABP Identity Module: Organization Units
- ABP Support: Register + Login slow with many tenants/claims
- ABP Support: Identity Server running slow
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
hi
Can you share your test project?
liming.ma@volosoft.com
Thanks.
-
0
[maliming] said: hi
Can you share your test project?
liming.ma@volosoft.com
Thanks.
Hi, You can give a try by creating a sample layered solution and creating the Locations
I emailed the script...
Let me know in case of any queries....
