How to send complex objects from one Razor page to another

Sherpa 161 Reputation points

I am working on an ASP.NET Core 6.0 Identity project. I want to pass an ApplicationUser object to the LoginWith2fs.cshtml page from the Login.cshtml page. The following is my code:

Code in Login page:

return RedirectToPage("./LoginWith2fa", new { UserSent = user, ReturnUrl = returnUrl, 

   RememberMe = Input.RememberMe });

Code in LoginWith2fa page:

//Created this property in the LoginWith2fa page. Not sure this is needed or not

public ApplicationUser UserSent { get; set; }

public async Task<IActionResult> OnGetAsync(ApplicationUser UserSent, bool rememberMe, 

string returnUrl = null)


  //More code here

  //the ApplicationUser object has null values in its properties such as username and 


    //However the rememberMe and returnUrl variables have correct values

A set of technologies in the .NET Framework for building web applications and XML web services.
4,157 questions
A set of technologies in the .NET Framework for building web applications and XML web services.
3,252 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Bruce ( 55,601 Reputation points

    With redirect, which just produces a url, the parameters are converted to strings. Converting a complex object to string is typically the class name. To pass user, you need to specify each user property as a separate parameter. Of course these will all show up on the browser url line and are easy to hack.

    • You should store user in server persistent state and just send the key. If you must send on the url,
    • You should serialize user to a string, encrypt and convert to a base64url string that you pass. Note there is a max url length, so keep small.
    0 comments No comments

  2. Brando Zhang-MSFT 2,881 Reputation points Microsoft Vendor

    Hi Sherpa,

    According to your description, I suggest you could use the temp data , or directly using the querystring to pass the userEmail or user ID to the LoginWith2fs page and then using the usermanager to get the user instead of directly store the whole application user inside the tempdata or the user string.

    Why we suggest you use the tempdata to just store the userEmail , since this data will be encrypted automatically. Passing the userinformtion directly inside the url is not recommend and it is not security.

    More details, you could refer to below codes:

    1.Login page:

    Add a new userid like below:

            public string UserEmail { get; set; }

    Inside the OnPostAsync method set it:

            public async Task<IActionResult> OnPostAsync(string returnUrl = null)
                returnUrl ??= Url.Content("~/");
                ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
                UserEmail = Input.Email;

    Then inside the LoginWith2fs page:

            public async Task<IActionResult> OnGetAsync(bool rememberMe, string returnUrl = null)
                var username =  TempData.Peek("UserId").ToString();
                var applicationuser = await _userManager.FindByEmailAsync(username);


    User's image

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments