I don't see why you couldn't store it in the user's session object since you should be validating their forms authentication each time they do something privileged.
If you really don't want to store it in their session, you could create a static dictionary and store the data there:
using System.Collections.Concurrent;
// Class level declaration.
static ConcurrentDictionary<string, object> UserData =
new ConcurrentDictionary<string, object>();
// Inside your magic method.
if (provider.ValidateUser(...)) {
object providerSession = provider.GetSession();
string userId = Guid.NewGuid().ToString("n");
UserData.TryAdd(userId, providerSession);
FormsAuthenticatonTicket authTicket = new FormsAuthenticatonTicket(
1,
model.UserName,
DateTime.Now,
DateTime.Now.AddMinutes(15),
false,
userid);
// ...
}
From there, you could then look up your providers session data based on the stored userId
in your forms authentication ticket. I made the object stored in the dictionary a standard object
since I don't know what your provider returns, so if it's something more specific, be sure to use that class instead.