0

I am trying to extend IPrincipal. What is the best way for storing extra properties?

  1. serialize them into cookie and deserialize it on each Application_PostAuthenticateRequest
  2. store them in session
  3. make a database request on each Application_PostAuthenticateRequest
Evgraf
  • 187
  • 6
  • Could you show some of your code please? I'd asked a similar question a while ago, see if it helps : http://stackoverflow.com/questions/4531287/right-way-to-have-role-based-custom-auth-query-database-on-every-request-asp-net – gideon Dec 04 '12 at 04:19

1 Answers1

0

In my case I went with the first option, as it represented the easiest (and most efficient) way to incorporate the information into the existing authentication workflow.

I think your answer will really depend on the nature of the extra properties you are wanting to store.

  1. Storing them in a cookie could be problematic if the information changes frequently AND you have a lengthy cookie expiration period. In this case you may want to implement some logic for expiring a cookie.
  2. Using the session would be require you to refresh the properties you are storing when a request comes in following a session timeout - this is likely to occur more frequently than a cookie expiration.
  3. A Database request on each Application_PostAuthenticateRequest could prove inefficient depending on traffic, though doing so would ensure you always had the most recent data.
nick_w
  • 14,758
  • 3
  • 51
  • 71