How to add temporary information to the ASP.Net Identity (cookie)?

Question

we are using ASP.Net MVC with the Asp.Net Identity.

We have around 100 user informations we save in the database with the identity model.

What I want is to save temporary information the identity. The Information is HOW the user is logged in right now (SMS code, password, email code etc.etc. we have a bunch of types to log in). So that is not a database information, it is a simple temporary information as long as the auth cookie exists.

How to add this?

See this answer: http://stackoverflow.com/a/20400918/2056448 — Casey, Feb 01 '16 at 15:28

Abe Miessler · Answer 1 · 2016-02-01T15:26:20.377

0

I would just add a new cookie that has that information. Something like this:

Response.Cookies["AdditionalInfo"]["LoginMethod"] = "SMS";

You can find more info here.

Be very careful how you use the information that is in there. A malicious user could modify the values in there to be whatever they want - so if you are using cookie values for security purposes you will get hacked.

You could also look at storing that info in the view state or the session state.

edited Feb 01 '16 at 15:26

answered Feb 01 '16 at 15:25

Abe Miessler

82,532
99
305
486

That is susceptible to change by the end user, though. – Casey Feb 01 '16 at 15:25
Yes it is. That isn't necessarily a deal breaker depending on how the cookie is being used. – Abe Miessler Feb 01 '16 at 15:26

How to add temporary information to the ASP.Net Identity (cookie)?

1 Answers1