M
martymcdonald
For authentication we are using an external DB. I can use Forms
authentication and use the loginUrl="MyLoginForm.aspx" just fine. But
for authorization, we cannot use a static list of roles for people,
their authorization depends on factors which change as they use the
system.
We must determine roles on every page hit, using information in our
custom identity, which is changed as user uses system. I examine
custom identity, determine roles, create principal accordingly, then
attach it to HttpContext.Current.User. But after redirecting to
another page, the HttpContext.Current.User identity reverts back to a
"Windows" identity and also the principal's information is gone too
(reverts to generic principal without my role info).
How does one modify the HttpContext.Current.User and have it persist
between redirects? Thanks!
authentication and use the loginUrl="MyLoginForm.aspx" just fine. But
for authorization, we cannot use a static list of roles for people,
their authorization depends on factors which change as they use the
system.
We must determine roles on every page hit, using information in our
custom identity, which is changed as user uses system. I examine
custom identity, determine roles, create principal accordingly, then
attach it to HttpContext.Current.User. But after redirecting to
another page, the HttpContext.Current.User identity reverts back to a
"Windows" identity and also the principal's information is gone too
(reverts to generic principal without my role info).
How does one modify the HttpContext.Current.User and have it persist
between redirects? Thanks!