-2

My application will serve multiple sites, i will define the same home directory for all the sites in the system. Assume this is a business application with users, roles etc and each site is for another customer.

The role definitions are in DB, so i am creating a forms auth cookie with a ticket and name that cookie as 

FormsAuthentication.FormsCookieName + HttpContext.Current.Session["ApplicationName"]

But when i try to decode this cookie in Application_AuthenticateRequest, application throws an error saying session state is not ready.

I can store "ApplicationName" data in another way. But i have a feeling that i might be doing something wrong from the begining.

Can you suggest me a pattern or something on this scenario?

Burak SARICA
  • 721
  • 1
  • 7
  • 27

1 Answers1

0

You will not be able to use session state at that stage in the ASP.NET life cycle (Application_AuthenticateRequest). It isn't available yet.

Should be available at the AcquireRequestState step. That's when the session state for the current request is acquired.

Take a look here for the lifecycle events:

http://www.devproconnections.com/article/aspnet2/understanding-the-asp-net-lifecycle-123441

Christophe Geers
  • 8,564
  • 3
  • 37
  • 53
  • AcquireRequestState is too late to authenticate a user. Asp.net runtime adds a redirection header to login page just after Application_AuthenticateRequest event. And I cannot remove it on AcquireRequestState. – Burak SARICA Jan 22 '13 at 08:30