Velocity Reviews

Velocity Reviews (
-   ASP .Net Security (
-   -   Application_AuthenticateRequest and ASP.NET 2.0 (

jlynds 02-12-2006 09:22 AM

Application_AuthenticateRequest and ASP.NET 2.0
Hi, all--

Can someone help me understand how Application_AuthenticateRequest should

I've got the following code in my global.asax:

Protected Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As System.EventArgs)
Dim oContext As HttpContext = HttpContext.Current

If Not HttpContext.Current.User Is Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity
Dim oID As FormsIdentity =
CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim oTicket As FormsAuthenticationTicket = oID.Ticket

'Retrieve user data - this is working as I can see here
' the contents of sUserData = "Manager, User"
Dim sUserData As String = oTicket.UserData
Dim sMyRoles() As String = sUserData.Split(",")

Context.User = New
System.Security.Principal.GenericPrincipal(oID, sMyRoles)

End If
End If
End If
End Sub

I'm using a web.config file in a directory to trigger authentication, and in
the Page_Load event of a secured page,
HttpContext.Current.User.Identity.IsAuthenticated shows equal to true, but
HttpContext.Current.User.IsInRole("Manager") = false, even though it was true
at the End Sub statement in Application_AuthenticateRequest.

I'm not sure why HttpContext.Current.User.IsInRole("Manager") = true while
in Application_AuthenticateRequest but = false in the Page_Load that
immediately follows...especially since much sample code on the internet seems
to indicate that this should work -- I'm thinking that I must have a
configuration setting wrong somewhere?



All times are GMT. The time now is 06:01 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.