6

I am developing an Intranet.NET MVC application. I need to store user details like location, ID Number etc associated with each authenticated users.

In .NET Webform applications we used to save the logged in user's details in session. But what is the best practise in .NET MVC application ?

Imad Alazani
  • 6,688
  • 7
  • 36
  • 58
James Stephan
  • 113
  • 2
  • 6
  • 1
    **[Check this Post. May be you find this helpful](http://stackoverflow.com/a/17199709/2015869)** – Imad Alazani Aug 21 '13 at 06:19
  • Thank you for your input. But I read somewhere that "TempData is meant to be a very short-lived instance, and you should only use it during the current and the subsequent requests only." Is there any way to maintain the data across a particular user session? – James Stephan Aug 21 '13 at 09:05
  • Are you using windows authentication or forms authentication? Do you have a database? – Erik Funkenbusch Aug 29 '13 at 14:01
  • Why not create and store an encrypted cookie (much like the authentication ticket) with those details stored inside? - http://formsauthext.codeplex.com/ – Tommy Aug 29 '13 at 14:44

3 Answers3

1

You can still use session state in MVC, but it is not advisable. MVC as a pattern respects the statelessness of HTTP.

One alternative is to use Cache which only stores information in memory. Here is a SO question with more information: Why would ASP.NET MVC use session state?

Here is one more: Is it a good practice to avoid using Session State in ASP.NET MVC? If yes, why and how?

Community
  • 1
  • 1
Slavo
  • 15,255
  • 11
  • 47
  • 60
1

There are a few way to skin this cat, but I'd argue that attaching profile information to the user would be the most elegant.

You'll need a Profile Provider that will persist your user's profile data. You can use the SqlProfileProvider for SQL Server, but I'd recommend looking at the Microsoft ASP.NET Universal Providers ref: http://www.nuget.org/packages/Microsoft.AspNet.Providers

Some shameless copy and paste from Scott Hanselman follows. Let's say you want to track a user's birthday:

public class MyCustomProfile : ProfileBase
{
    public DateTime? Birthdate {
        get { return this["Birthdate"] as DateTime?; }
        set { this["Birthdate"] = value; }
    }
}

Then you'd set it up in your web.config:

 <profile inherits="MyApp.Models.MyCustomProfile" defaultprovider="DefaultProfileProvider"></profile>

Finally, you can pull in the custom profile of the current user with:

var customProfile = HttpContext.Profile as MyCustomProfile;

DateTime? birthday = customProfile.Birthdate;

You'll have to set up your data store, but that's mostly what needs to be done. You can find the full nitty-gritty at Scott Hanselman's blog: http://www.hanselman.com/blog/IntroducingSystemWebProvidersASPNETUniversalProvidersForSessionMembershipRolesAndUserProfileOnSQLCompactAndSQLAzure.aspx

Mister Epic
  • 16,295
  • 13
  • 76
  • 147
0

I think the adage of, "use the right tool for the job", applies here. I don't see anything wrong with storing data in session as long as it is used correctly.

MVC provides other mechanisms for short term state (ModelState and TempData). If those meet your needs, use them. TempData is using SessionState behind the scenes anyway (as this question illustrates). If what you really need is data to remain in state for the duration of a users session and no longer, SessionSate is a good tool for that task.

Using caching is good also, but you need to manage the expiration/invalidation of the cache. I find caching most useful for things that are not session or user dependent, whether they be shorter or longer lived.

Community
  • 1
  • 1
PeaceFrog
  • 727
  • 1
  • 6
  • 14