I'm creating a web application (C#, MVC3) and trying to figure out the best practice to log a user on. I'm sticking with the built-in FormsAuthentication framework and custom Membership provider to validate a user. But the problem is, there are many user information (first name, last name, user id, last login date, etc) I would like to save somewhere for easy access in my code.
First thought was to overload IIdentity and IPrincple but I was reading that they require a database hit every page load. Then I was thinking about cookies, but some posts were saying it is unwise to store sensitive information in them.
Any suggestions would be great.