What is the best way to store temporary user information in asp.net?

When user logs in there are number of attributes I need to retrieve 开发者_StackOverflowfrom ActiveDirectory such as their real name, some contacts etc. Some of these fields I will be showing quite often in some forms. ActiveDirectory retrieval speed is pretty bad in my case, so I was wondering what would be the best way to store this information in memory when they log in, and then delete it once they log off/timeout?

My thoughts so far: 1) Store in Session, but is it safe? 2) Extend the User.Identity and store it there. Not sure that's possible. 3) Store it in some kind of global Dictionary. How would I know that they logged off to remove the key/value pair?

I am using MVC2 for this project and I will not need to write back to ActiveDirectory.

Session objects are quite commonly used for storing information. If you are worried about security, you can use HTTPS for communication or you can make use of State Servers or SQL Server for storing that information.

Yes as it is said you can use profile provider to store the data. I personally use session data.

my view why:

1, Database solution via adding field into profile (as additionalUserData = data in here) Make it simple to use and does not take long to implement as session handling.

2, session data are always on server and there for you do not need to care about data in database, and works without it. (few project has been done this way) it is reasonably save and easy to access and you can add expiry date time. Also you can keep more information about the user.

3th option: You would have to have timestamp and checking every request which has expired and remove this records in which case you would have to have dictionary for every user...

The problem is yours....

Hope it helps

I would put it in session as long as it's not a large amount of data. Seems like it's a perfect fit for session state. There shouldn't be any safety concerns if you use https.

If you're concerned about the amount of data you'd be putting in session state you could also consider using the ASP.NET Profile Provider but you'd need to have some type of mechanism to keep the data synched with AD (maybe each time the user logs in). That being said, if it's not a huge amount of data I think session is the way to go.