I'm developing my first application in .net MVC.
Normally when working with Web form, after the user logs in his information (name, email, permissions, etc.) was saved in the session. In this way, with each request it was possible to validate if it was actually allowed to access a page or functionality without having to read the database again.
I have been reading some posts related to not using Session to store this type of information, since it can compromise the scalability of the application. Based on this, what would be the best way to store logged in user information? How do I validate permissions when a request arrives on the server?