Application_AuthenticateRequest and ASP.NET 2.0

Discussion in 'ASP .Net Security' started by jlynds, Feb 12, 2006.

  1. jlynds

    jlynds Guest

    Hi, all--

    Can someone help me understand how Application_AuthenticateRequest should
    work?

    I've got the following code in my global.asax:

    Protected Sub Application_AuthenticateRequest(ByVal sender As Object,
    ByVal e As System.EventArgs)
    Dim oContext As HttpContext = HttpContext.Current

    If Not HttpContext.Current.User Is Nothing Then
    If HttpContext.Current.User.Identity.IsAuthenticated Then
    If TypeOf HttpContext.Current.User.Identity Is FormsIdentity
    Then
    Dim oID As FormsIdentity =
    CType(HttpContext.Current.User.Identity, FormsIdentity)
    Dim oTicket As FormsAuthenticationTicket = oID.Ticket

    'Retrieve user data - this is working as I can see here
    that
    ' the contents of sUserData = "Manager, User"
    Dim sUserData As String = oTicket.UserData
    Dim sMyRoles() As String = sUserData.Split(",")

    Context.User = New
    System.Security.Principal.GenericPrincipal(oID, sMyRoles)

    End If
    End If
    End If
    End Sub

    I'm using a web.config file in a directory to trigger authentication, and in
    the Page_Load event of a secured page,
    HttpContext.Current.User.Identity.IsAuthenticated shows equal to true, but
    HttpContext.Current.User.IsInRole("Manager") = false, even though it was true
    at the End Sub statement in Application_AuthenticateRequest.

    I'm not sure why HttpContext.Current.User.IsInRole("Manager") = true while
    in Application_AuthenticateRequest but = false in the Page_Load that
    immediately follows...especially since much sample code on the internet seems
    to indicate that this should work -- I'm thinking that I must have a
    configuration setting wrong somewhere?

    Thanks,

    Joe
     
    jlynds, Feb 12, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Kingscott
    Replies:
    0
    Views:
    490
    Mike Kingscott
    Jun 30, 2003
  2. Nugs

    Application_AuthenticateRequest

    Nugs, Apr 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    1,230
  3. =?Utf-8?B?ZGFubWFuMjI2?=

    Application_AuthenticateRequest cannot read Session variable

    =?Utf-8?B?ZGFubWFuMjI2?=, Apr 18, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    12,534
    Brock Allen
    Apr 18, 2005
  4. Mad Scientist Jr
    Replies:
    1
    Views:
    364
    Svein Terje Gaup
    May 31, 2004
  5. Jaime
    Replies:
    9
    Views:
    409
    Dominick Baier [DevelopMentor]
    Jun 4, 2005
Loading...

Share This Page