J
jlynds
Hi, all--
Can someone help me understand how Application_AuthenticateRequest should
work?
I've got the following code in my global.asax:
Protected Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As System.EventArgs)
Dim oContext As HttpContext = HttpContext.Current
If Not HttpContext.Current.User Is Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity
Then
Dim oID As FormsIdentity =
CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim oTicket As FormsAuthenticationTicket = oID.Ticket
'Retrieve user data - this is working as I can see here
that
' the contents of sUserData = "Manager, User"
Dim sUserData As String = oTicket.UserData
Dim sMyRoles() As String = sUserData.Split(",")
Context.User = New
System.Security.Principal.GenericPrincipal(oID, sMyRoles)
End If
End If
End If
End Sub
I'm using a web.config file in a directory to trigger authentication, and in
the Page_Load event of a secured page,
HttpContext.Current.User.Identity.IsAuthenticated shows equal to true, but
HttpContext.Current.User.IsInRole("Manager") = false, even though it was true
at the End Sub statement in Application_AuthenticateRequest.
I'm not sure why HttpContext.Current.User.IsInRole("Manager") = true while
in Application_AuthenticateRequest but = false in the Page_Load that
immediately follows...especially since much sample code on the internet seems
to indicate that this should work -- I'm thinking that I must have a
configuration setting wrong somewhere?
Thanks,
Joe
Can someone help me understand how Application_AuthenticateRequest should
work?
I've got the following code in my global.asax:
Protected Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As System.EventArgs)
Dim oContext As HttpContext = HttpContext.Current
If Not HttpContext.Current.User Is Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity
Then
Dim oID As FormsIdentity =
CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim oTicket As FormsAuthenticationTicket = oID.Ticket
'Retrieve user data - this is working as I can see here
that
' the contents of sUserData = "Manager, User"
Dim sUserData As String = oTicket.UserData
Dim sMyRoles() As String = sUserData.Split(",")
Context.User = New
System.Security.Principal.GenericPrincipal(oID, sMyRoles)
End If
End If
End If
End Sub
I'm using a web.config file in a directory to trigger authentication, and in
the Page_Load event of a secured page,
HttpContext.Current.User.Identity.IsAuthenticated shows equal to true, but
HttpContext.Current.User.IsInRole("Manager") = false, even though it was true
at the End Sub statement in Application_AuthenticateRequest.
I'm not sure why HttpContext.Current.User.IsInRole("Manager") = true while
in Application_AuthenticateRequest but = false in the Page_Load that
immediately follows...especially since much sample code on the internet seems
to indicate that this should work -- I'm thinking that I must have a
configuration setting wrong somewhere?
Thanks,
Joe