Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Application_AuthenticateRequest and ASP.NET 2.0 (http://www.velocityreviews.com/forums/t768283-application_authenticaterequest-and-asp-net-2-0-a.html)

jlynds 02-12-2006 09:22 AM

Application_AuthenticateRequest and ASP.NET 2.0
 
Hi, all--

Can someone help me understand how Application_AuthenticateRequest should
work?

I've got the following code in my global.asax:

Protected Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As System.EventArgs)
Dim oContext As HttpContext = HttpContext.Current

If Not HttpContext.Current.User Is Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity
Then
Dim oID As FormsIdentity =
CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim oTicket As FormsAuthenticationTicket = oID.Ticket

'Retrieve user data - this is working as I can see here
that
' the contents of sUserData = "Manager, User"
Dim sUserData As String = oTicket.UserData
Dim sMyRoles() As String = sUserData.Split(",")

Context.User = New
System.Security.Principal.GenericPrincipal(oID, sMyRoles)

End If
End If
End If
End Sub

I'm using a web.config file in a directory to trigger authentication, and in
the Page_Load event of a secured page,
HttpContext.Current.User.Identity.IsAuthenticated shows equal to true, but
HttpContext.Current.User.IsInRole("Manager") = false, even though it was true
at the End Sub statement in Application_AuthenticateRequest.

I'm not sure why HttpContext.Current.User.IsInRole("Manager") = true while
in Application_AuthenticateRequest but = false in the Page_Load that
immediately follows...especially since much sample code on the internet seems
to indicate that this should work -- I'm thinking that I must have a
configuration setting wrong somewhere?

Thanks,

Joe


All times are GMT. The time now is 06:01 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.