asp.net mvc storing username / other ID information after forms authentication for communicating with stateless wcf services

Question

hi,

I have reviewed some of the similar questions on this site but could not find one with an answer appropriate for my situation.

I am using asp.net mvc, and it is communicating securely with stateless wcf services. for each service call, i need to pass in the username and a few other ints for identification purposes. - not password, the services are not authenticating.

I am using forms auth to authenticate the users. I am just not sure where, after the user logs in, I should store their username and other account details used for the scope of the user's time logged into the site. suggestions for webforms apps include in "Session". Is there an equivilent alternative in MVC? is storing the info in the forms auth cookie the best solution? it seems like it would be slow to have that info in a cookie as opposed to somewhere else in memory..

thanks

Answer 1

yes, unless it's a lot of information, the preferred location is to store it in the cookie. Aside from that, session is the next best place.

Answer 2

If you need access to a select few bits of information about the current user over and over again, you could combine FormsAuthentication with a custom principal implementation.

The Forms authentication mechanism will write a cookie to your client's disk, and will recreate the custom principal based on that cookie for each call. You could e.g. store something like a user "level", a user "profile" or other small chunks of information, which would then be accessible through the HttpContext.Current.User at any time during the lifetime of your request.

Check out these resources on the topic:

• MSDN docs on How to Create a Custom Principal Identity
• Using Custom Principal with Forms Authentication in ASP.NET

and I'm sure googling or binging for "ASP.NET custom principal" will render quite a few more hits for you!