1

I have a custom login system which works fine but I would like to add more fields to be retrieved from User.Identity if at all possible.

I basically have a login form which looks like this: 

if (ModelState.IsValid)
{
    string Identity = model.UserName;
    string password = model.Password;

    try
    {
        var User = (from u in ctx.Users
                    where u.UserName == model.UserName
                    select u).SingleOrDefault();

        bool userValid = ctx.Users.Any(user => user.EmailAddress == Identity || user.UserName == Identity) && Crypto.VerifyHashedPassword(User.Password, password);
        //bool userValid = ctx.Users.Any(user => user.EmailAddress == Identity || user.UserName == Identity) && User.Password == password;
        if (userValid)
        {   
            FormsAuthentication.SetAuthCookie(User.Name, false);
            return RedirectToAction("Index", "Home");
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View();
        }
    }

    catch (Exception ex)
    {
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View();
    }
}

return View(model);

I then retrieve the UserName by simply using User.Identity.Name

This works fine and stores the username in the Authcookie. WHat I was hoping I could do is add an ID or if possible even more details to the cookie.

Now I realise there are several ways around this.

I could create a helper which takes the username, hopes it's unique (WHich it should be but for scalability reasons I would rather not rely on this), and then uses the UserName to get the relevant fields from the database.

Another option would be to create another cookie but I don't really want to do that either. |

Lastly I thought I could concatinate all of the users details into one long string seperated by a delimiter and then split them when I retrieve the details.

The thing is, I feel like there must be a better way of doing it than the above.

So can anyone more experienced in this than me tell me how I could store more fields in the Auth Cookie? It would be greatly appreciated.

P.s. I realise I could use WebSecurity but I only discovered this after I had written my login code and I am not sure I want to change it and learn how to do WebSecurity.

Thanks in advance

Marco
  • 22,856
  • 9
  • 75
  • 124
Lex Eichner
  • 1,056
  • 3
  • 10
  • 35
  • I normally store the UserId in the cookie rather than the username. I then query the database for the User entity using the UserId. When you need to scale you could cache the entity in memory to minimise database lookups. – 3ullShark Mar 02 '14 at 19:54
  • Yeh I think if no onbe knows of a way of getting more fields out of it then that is what I will do. I will leave it until tomorrow eve and see if anyone else knows of a way. If not, feel free to post that as an answer and I will mark it as an answer :). Thanks for your comment. – Lex Eichner Mar 02 '14 at 21:02
  • The issue I have with storing too much info in the cookie is it can slow down the users response time. You also will have to manage stale data stored in the cookie. I thinks it's better to just keep it simple and load the data each request. Then cache when it becomes an issue. – 3ullShark Mar 02 '14 at 22:12
  • I am not sure, if I understand you correctly: Do you want to enhance the Identity system, to store more properties like `FirstName` & `LastName` or do you want to enhance the contents of the AuthCookie. Your very first paragraph is intruiging me here. – Marco Mar 03 '14 at 06:59

1 Answers1

0

I believe this is what you're looking for: http://msdn.microsoft.com/en-us/library/ms172766(v=vs.90).aspx

Edit: Another thread discussing additional fields in user identity: ASP.NET MVC - Set custom IIdentity or IPrincipal

Community
  • 1
  • 1
maf748
  • 768
  • 1
  • 4
  • 15
  • Sorry, I'm not sure how this relates to my question. I have written a custom authentication and am just looking to find out how to add fields to Identity. My VB isn't good but this doesn't seem to do that? – Lex Eichner Mar 02 '14 at 18:24
  • It sounded to me like you wanted to add additional info to the user identity, and this link shows you (among other things), how to create a custom IPrincipal implementation to achieve this. – maf748 Mar 02 '14 at 21:01