Hi everyone.
I am having a little problem with forms authentication...
In Global.asax, at the Application_AuthenticateRequest event, I am firing the following code:
Code:
if (HttpContext.Current.User != null)
{
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        if (HttpContext.Current.User.Identity is FormsIdentity)
        {
            // Get Forms Identity From Current User
            FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
            // Get Forms Ticket From Identity object
            FormsAuthenticationTicket ticket = id.Ticket;
            // userdata string was retrieved from stored user-data (a roles string from db "Users" table, e.g. "Admin;Manager;User")
            string userData = ticket.UserData;
            string[] roles = userData.Split(',');
            // Create a new Generic Principal Instance and assign to Current User
            HttpContext.Current.User = new GenericPrincipal(id, roles); // (could also be a custom principal object of your design)
        }
    }
}
It works fine until I call this at any other .aspx page:
if (!HttpContext.Current.User.IsInRole("Admin"))
{
    Response.Redirect("Users.aspx");
}
Even though the Admin group is set in the cookie the function returns false!
What I noticed is that at Global.asax the line of code
Code:
HttpContext.Current.User = new GenericPrincipal(id, roles);
sets the User to be of class GenericPrincipal. However, when calling IsInRole() at any other .aspx page, the HttpContext.Current.User gets automatically transformed into RolesPrincipal?!
Any ideas on how to solve this?!
Thanks!
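
An added example, not part of the original post and not the poster's code: one way to keep the ticket's roles attached to the request so that IsInRole() sees them. It assumes the role manager is enabled in web.config (RoleManagerModule then installs a RolePrincipal during PostAuthenticateRequest, after the AuthenticateRequest code above has run) and that roles are stored semicolon-separated, as in the comment's "Admin;Manager;User"; `ParseRoles` is a hypothetical helper.

```csharp
// Global.asax.cs -- added example, not the poster's code.
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Assumption: roles are stored in the ticket as "Admin;Manager;User".
    // The separator used here must match the one used when the ticket is issued;
    // splitting that string on ',' yields one role named "Admin;Manager;User".
    private static readonly char[] RoleSeparators = { ';' };

    // Hypothetical helper: turns the ticket's UserData into a clean role array.
    internal static string[] ParseRoles(string userData)
    {
        if (string.IsNullOrEmpty(userData))
            return new string[0];

        string[] parts = userData.Split(RoleSeparators, StringSplitOptions.RemoveEmptyEntries);
        for (int i = 0; i < parts.Length; i++)
            parts[i] = parts[i].Trim();
        return parts;
    }

    // Global.asax handlers for this event run after RoleManagerModule has
    // installed its RolePrincipal, so the principal assigned here is the one
    // the .aspx page sees.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal current = HttpContext.Current.User;
        if (current == null || !current.Identity.IsAuthenticated)
            return;

        // RolePrincipal wraps the original identity, so this cast still succeeds.
        FormsIdentity id = current.Identity as FormsIdentity;
        if (id == null)
            return;

        string[] roles = ParseRoles(id.Ticket.UserData);
        GenericPrincipal principal = new GenericPrincipal(id, roles);

        // Keep the request context and the thread principal in sync.
        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = principal;
    }
}
```

If the role provider is not used at all, setting `<roleManager enabled="false" />` in web.config also stops the principal from being replaced.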