newbie seeks User.Identity and Application_AuthenticateRequest help

[Mad Scientist Jr]

I'm trying to understand how security works in a ASP.NET c# project.
The global.asax has this code:

protected void Application_AuthenticateRequest(Object sender,EventArgs e)
{
HttpCookie rolesCookie = Request.Cookies["roles"];
if ((!(rolesCookie==null)) && (!(Context.User==null)))
{
GenericIdentity gi = new GenericIdentity(User.Identity.Name);
GenericPrincipal gp = new GenericPrincipal(gi, rolesCookie.Value.Split('|'));
Context.User = gp;
}
}

and on another page, they get the user name from this code:

string strUserName = HttpContext.Current.User.Identity.Name;

Unfortunately, I'm missing the login screen.

How is the user name being set?

Is it possible to do something like:

HttpContext.Current.User.Identity.Name = "johndoe";

?

thanks

 

[Svein Terje Gaup]

This article describes how to implement Forms Authentication with roles and
a Generic Principal:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp

I've implemented the example from the link above, and fixed a problem with
persisting the cookie, using xml in the cookie's FormsAuthenticationTicket
to store the "persist" setting plus the roles. Also extended the example
with a user database. You can download my source + database from here:
http://www.geocities.com/gaupen/index.htm?NETStuff.htm

The example is called GenericPrincipalApp.

Sincerely
Svein Terje Gaup