HttpContext.Current.User is always null in Global_AuthenticateRequ

[Nieko Punt]

I implemented forms based authentication in my web app and works great. Now i
want to add role-based authorization. From info on the web I know I have to
handle the AuthenticateRequest. I have code like this:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity.GetType() ==
typeof(FormsIdentity))
{
// code to add roles here
}
}
}
}


I put a breakpoint at the first if statement in order to see when the event
is fired and what the values are (during login). The event is fired several
times during a single login but HttpContext.Current.User is always null, even
if I succesfully logged in. In contrast, on the web page expressions like
User.Identity.IsAuthenticated work just fine.

What am I missing here?

 

[Nieko Punt]

Correction. The Event signature looks like this:

protected void Global_AuthenticateRequest(Object sender, EventArgs e)

 

[Dominick Baier [DevelopMentor]]

Hello Nieko,

i have an example of that on my blog
http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a

 

[Joe_Langley]

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id =
(FormsIdentity)HttpContext.Current.User.Identity;
// Forms Ticket
FormsAuthenticationTicket ticket = id.Ticket;
// Retrieve roles from db
string userData = ticket.UserData;
string[] roles = userData.Split(',');
// Assign new Generic Principal Instance and assign to
Current User
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}