Reputation: 41
Storing additional user data in MembershipProvider/FormsAuthenticationTicket
I have implemented my own custom MembershipProvider with a custom data store. No problems so far. I would like for people to login using their email instead of a username. Because I have my own data store, this is not a major issue, I can just pass the email as the username for the MembershipProvider.
My question is, how do I store additional custom user data along in the FormsAuthenticationTicket? I want to store a couple of things that will never change, such as their UserId, First/Last Name and Country. I started looking into creating FormsAuthenticationTicket with the UserData, but quickly got confused. How do I store multiple things into this UserData, and how do I easily read this data back on every single ASP.NET MVC2 page. I found many samples, none that really seemed that great in terms of MVC2. There has to be a simple way to do this.
It would make no sense to read the UserId, First/Last Name and the Country from a database on each and every request because it would never change. Plus, while I want the user to login using their email, I'd want to store their UserId in the auth cookie so that it can be used in nearly every user related database query rather than the email (because in all the tables, the user data is stored along with the UserId - not the email because technically the email could be changed - I already figured that stuff out when it comes to the MembershipProvider).
What is the best practices for storing additional user data like this in ASP.NET MVC2?
Upvotes: 3
Views: 4504
Answers (7)
Reputation: 1183
This post shows (among other things) the details of storing in FormsAuthenticationTicket.UserData and reading it from a base controller. http://www.west-wind.com/weblog/posts/899303.aspx
As someone suggested above, a simple data class that holds all the info needed and a pair of serialize/deserialize methods will do the job.
public class UserState
{
public int Id { get; set; }
public Guid ActivationId { get; set; }
public string UserName { get; set; }
public string Email { get; set; }
public bool IsAdmin { get; set; }
// Serialize
public override string ToString()
{
JavaScriptSerializer serializer = new JavaScriptSerializer();
string result = serializer.Serialize(this);
return result;
}
// Deserialize
public static UserState FromString(string text)
{
JavaScriptSerializer serializer = new JavaScriptSerializer();
return serializer.Deserialize<UserState>(text);
}
}
}
Upvotes: 4
Reputation: 29
If your concerned about round-trip queries each time you need this data, then do a combination of Session State and Profile. Store the data in a profile, and then after your login succeeds, grab those values into Session State. Use them from Session State during that session. You could even add a check which would query the Profile if the session state is empty.
Upvotes: 0
Reputation: 29
Profile is the best way to store custom user specific data. All you have to do is create the fields in the web.config page, then reference them just like session state variable. Session State is good for data that is persistant during 1 session (hence the name).
Web.Config:
<profile>
<properties>
<add name="DepartmentNumber"/>
</properties>
</profile>
Save to profile:
ProfileCommon newProf = Profile.GetProfile(username);
newProf.DepartmentNumber = "12"; //Or whatever string data you have.
newProf.Save();
Reference:
String departmentNumber = Profile.DepartmentNumber; //Data is stored as String.
Upvotes: 0
Reputation: 24754
The FormsAuthenticationTicket cookie has an UserData property you can store whatever you want in. I throw JSON serialized object graphs in there for caching user related stuff like Last,First names or additional role information.
There are some size limits but as long as your sensible you should be ok.
Upvotes: 2
Reputation: 1255
I would use Profile to store custom user information, it is, after all, what it was designed for :)
And if you need to store the information in a more SQL structured format, use a Custom Profile Provider
In your custom profile you could implement caching and I'm sure that you could scale this out to a huge number of users.
Upvotes: 0
Reputation: 50728
Just store it separately yourself. All forms auth does is store it in a cookie and encrypt/decrypt on the server. You can encrypt/decrypt the data yourself. You can also use other stores like disk I/O or cache, so you aren't storing anything on the client.
HTH.
Upvotes: 1
Related Questions
- ASP.Net Store User Data in Auth Cookie
- Where do I store additional user details using ASP.NET MVC and the SqlMembershipProvider?
- Storing user data after authentication with MVC4
- Storing additional information in user identity in ASP.NET MVC application
- Adding additional user information to a website using ASP.NET MVC 4 and System.Web.Providers
- Storing Additional Information About a Logged In ASP.NET MVC User
- ASP.NET MVC 3 storing additional user information in tables using Entity Framework Code First approach
- Storing additional user details with ASP.NET Membership
- How to store additional user info?
- What is the best way to persist additional user data than is stored in the aspnet_users table