How to Use or Deal With Server-Side SDKs not Designed for Concurrency in ASP.NET Core 2.1 with Razor Pages blazor c#


Update: As per it's request, the following is a more clean explanation of what I am trying to achieve, and a description of the context in which I am working.

Essentially, I am making a website using ASP.NET Core 2.1 with the Razor Pages framework, configured entirely with the default setup for everything. The important note is that I need to use a specific external provider as the app's data management service and thus cannot just implement a database with ASP.NET. Because of this, in the server-side code for most of the Pages, I am using a client SDK for said management service because it is easier to interact with than a REST API. The issue is that I am running into concurrency problems due to the fact that the SDK was designed to be used with one session at a time, and thus exposes static properties containing the session data such as the "current user". What I am asking is how I could possibly create a new execution or memory domain for each session that is created, so that each one can have it's own "current user", or how I could otherwise solve the concurrency nightmare that emerges when an SDK is used that is designed to only have the client deal with one user and/or session at a time in the entire backend. My previous notes about Blazor where attempting to describe the easiest analog for what I think could be a solution to this issue. I have heard about storing session data; however, as far as I am aware, everything must be serialized to JSON and stored in a file somewhere, which does not work for me as the data could be confidential.

Old Explanation (Still Somewhat Relevant): I am creating a website powered by ASP.NET Core 2.1 and am attempting to use an SDK that was designed to be used on an AppDomain that is unique to one specific application instance and/or session; this means that the SDK has multiple APIs which expose data-storage members (fields, properties, etc.) that are static. In terms of using such an SDK with ASP.NET Core, this exposure structure seems to be an issue because the runtime only allocates one single AppDomain, on the server-side, for all of the sessions collectively, and thus possibly multiple separate users, to share. If I do not have access to the source of this SDK and/or it cannot be changed, for purposes related to platform-agnosticism, how do I use the SDK successfully without only being able to store the data for one session at a time. Here is a simplified version of what I am working with:

Sample API:

public sealed class User
    public static User ActiveUser { get; private set; } 

    public static int TotalLogCyclesThisSession { get; private set; } = 0

    public string Username { get; internal set; }

    private string Password { get; internal set; }

    public string Name { get; internal set; }

    public string AccessKey { get; }

    public User(string username, string password)
        /* Populate Instance Properties with Relevant Data */

        ActiveUser = this;

    public void Logout()
        /* Clear Data from Settable Instance Properties */

        ActiveUser = null;

Assume that the static variables are used elsewhere in the SDK as well.

So basically, if the API above were real, how would I use it in ASP.NET Core, so that every session would have it's own entire copy of the SDK to use, including session-specific static variables. If possible, I am looking for something like how it is possible to create a Blazor "Client" assembly, that has a new AppDomain for every session, and a "Server" assembly, though I understand that solution implemented by Blazor may not be applicable considering that it has a browser-local runtime active as well, whereas ASP.NET Core does not. Worst-case scenario, the API can be modified, but it still must be platform-agnostic to most extents. Thanks in advance for all help.

7/23/2018 3:15:38 AM

Popular Answer

I have hard time to understand your problem. But I think the issue is some confusion about Blazor, but correct me if I'm wrong.

"create a Blazor "Client" assembly, that has a new AppDomain for every session"

So Blazor is a client side SPA build on .NET and runs WebAssembly in the browser. So technically you don't have classic "sessions", no session cookie, nothing. And defensively not multiple ones because the whole context is in the browser memory which used by a single user. Think about Blazor like a JS SPA e.g. Angular or React App. SPAs usually used with (stateless) APIs which can be authorized or not. You can do the same here. Just acquire a token (OAuth2) and pass it to your API. Here is an example code which does something similar with a user object than you were asking: UserModel.cs and here is the Authorized client ApiClient.cs code.

If you want to think in "sessions" and the classic way. Technically the session is in the browser memory, SPA state. The lifetime of the session is the expiration time of the token. But it is the same with every SPA application no mater if it JS or Blazor.

I hope this helps and answers your question.

6/28/2018 2:47:45 PM

Related Questions

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow