Changed FormsAuthenticationService to remember that authenticated user is non-item throughout the request.

Fixes #5997

src/Orchard/Security/Providers/FormsAuthenticationService.cs

@@ -22,6 +22,13 @@ namespace Orchard.Security.Providers {
         private IUser _signedInUser;
         private bool _isAuthenticated;
 
+        // This fixes a performance issue when the forms authentication cookie is set to a
+        // user name not mapped to an actual Orchard user content item. If the request is
+        // authenticated but a null user is returned, multiple calls to GetAuthenticatedUser
+        // will cause multiple DB invocations, slowing down the request. We therefore
+        // remember if the current user is a non-Orchard user between invocations.
+        private bool _isNonOrchardUser;
+
         public FormsAuthenticationService(
             ShellSettings settings,
             IClock clock,
@@ -113,6 +120,10 @@ namespace Orchard.Security.Providers {
         }
 
         public IUser GetAuthenticatedUser() {
+
+            if (_isNonOrchardUser)
+                return null;
+
             if (_signedInUser != null || _isAuthenticated)
                 return _signedInUser;
 
@@ -147,6 +158,7 @@ namespace Orchard.Security.Providers {
 
             _signedInUser = _membershipService.GetUser(userDataName);
             if (_signedInUser == null || !_membershipValidationService.CanAuthenticateWithCookie(_signedInUser)) {
+                _isNonOrchardUser = true;
                 return null;
             }