0

I am creating an ASP.NET MVC site that requires a login for users to access. When the user logs in, instead of the site accessing the database directly, it uses an in-house webservice. I'd like to not hit the webservice on every pageview, so I'm trying to figure how to store user data like full name, email address, permissions, and other arbitrary data so the user session can access them. Everything I've researched says that using a session variable for this is the wrong way to do it and that OWIN is far better, but I can't figure out how to use it properly.

I've tried creating a custom UserManager and ApplicationUser and although I think (although I'm not certain) I've had some success storing the information, I can't figure out how to read it back out again.

Hypersapien
  • 617
  • 2
  • 8
  • 23
  • What MVC version are you using? – Daniel Stackenland May 06 '19 at 15:00
  • MVC version 5.2.3 – Hypersapien May 06 '19 at 16:27
  • Take a look at Claims you can add claims with name, email etc., https://www.khalidabuhakmeh.com/asp-net-mvc-5-authentication-breakdown-part-deux – Daniel Stackenland May 07 '19 at 06:19
  • There is some more info here also: https://stackoverflow.com/questions/22246538/access-claim-values-in-controller-in-mvc-5 – Daniel Stackenland May 07 '19 at 06:27
  • Why not store immutable data in a session? The only critical non session part seems to be the permissions, which you could store locally for the app after your initial user data load and subsequently just cross reference each hit with your local store (use an action filter)? A permission change would just refresh this local app store then you don't need to worry about stale session permissions. – Wurd May 09 '19 at 09:40
  • @Wurd From what I understood, using a session variable for user data was not advised in modern web applications. – Hypersapien May 13 '19 at 14:51
  • @Hypersapien could you elaborate and/or link? – Wurd May 14 '19 at 10:07

0 Answers0