I have a .NET Core web app which logs the user in via Azure AD. As soon as the user is logged in, I grab the email address and check in my application database which role the user has.
Now the question is: since the user can be locked (DB `IsBlocked` boolean field), I need to be able to update the user’s permissions. Because the user remains logged in all the time (single sign-on), do I need to check the user’s permissions on each request? Meaning: on each request I query the DB for the permissions and update these accordingly?
My concern is that this will result in a lot of requests to the DB, no?
And also, can you update claims?
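One way to re-check the database role and `IsBlocked` flag on every request without a query each time, shown as an added example that is not part of the original post: an `IClaimsTransformation` backed by a short-lived memory cache. `AppUser`, `IUserStore`, the `app:*` claim names, the 60-second lifetime and the `preferred_username` fallback are assumptions for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical application types standing in for the app database lookup.
public class AppUser { public string Role { get; set; } = ""; public bool IsBlocked { get; set; } }
public interface IUserStore { Task<AppUser?> FindByEmailAsync(string email); }

public class DbRoleClaimsTransformation : IClaimsTransformation
{
    private const string MarkerType = "app:checked";   // constructed claim names
    private const string BlockedType = "app:blocked";
    // Upper bound on how long a block or role change takes to apply.
    private static readonly TimeSpan Ttl = TimeSpan.FromSeconds(60);
    private readonly IUserStore _users;
    private readonly IMemoryCache _cache;

    public DbRoleClaimsTransformation(IUserStore users, IMemoryCache cache)
    { _users = users; _cache = cache; }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // This can run more than once per request, so it must be idempotent.
        if (principal.Identity?.IsAuthenticated != true
            || principal.HasClaim(c => c.Type == MarkerType))
            return principal;

        var email = principal.FindFirst(ClaimTypes.Email)?.Value
                 ?? principal.FindFirst("preferred_username")?.Value;

        AppUser? user = null;
        if (email != null)
            user = await _cache.GetOrCreateAsync("user:" + email.ToLowerInvariant(), entry =>
            {
                entry.AbsoluteExpirationRelativeToNow = Ttl; // DB is hit once per TTL per user
                return _users.FindByEmailAsync(email);
            });

        // App claims live in a separate identity and are rebuilt per request,
        // so the Azure AD sign-in cookie never carries a stale role.
        var appIdentity = new ClaimsIdentity();
        appIdentity.AddClaim(new Claim(MarkerType, "1"));
        if (user is null || user.IsBlocked)
            appIdentity.AddClaim(new Claim(BlockedType, "true")); // fail closed: no role
        else
            appIdentity.AddClaim(new Claim(ClaimTypes.Role, user.Role));
        principal.AddIdentity(appIdentity);
        return principal;
    }
}
```

Register it with `services.AddMemoryCache()` and `services.AddScoped<IClaimsTransformation, DbRoleClaimsTransformation>()`, and have the authorization policy reject any principal carrying the `app:blocked` claim. Removing the cache entry when an administrator blocks a user makes the change take effect on that server immediately instead of after the lifetime expires.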