I am working on the process of creating and vetting new users. After a user has registered, they are sent a link (containing a query string with a token) to their email so they can verify their email address. When a user clicks the link, they are redirected to a page that validates their info, then changes their role from Guest to Member.
Process flow
Email > verifyEmail.aspx > dashboard.aspx
When a user is already logged in to the web app and they click the link from their email, their role changes accordingly; however, when they are redirected to dashboard.aspx, User.IsInRole("Member") is false. After logging out, then logging back in, User.IsInRole("Member") is true. So my question is: how can I update the identity of a user, and also the Context of the user, without forcing them to sign out and then log back in? I am guessing it has to do with the cookie for Roles?
Code
    If userToken.Token1 = token Then
        Dim userRole = Roles.GetRolesForUser(authUser)
        Dim userIdentity = New GenericIdentity(authUser)
        Dim principal = New GenericPrincipal(userIdentity, userRole)
        Dim isOnline As Boolean = False
        If HttpContext.Current IsNot Nothing AndAlso HttpContext.Current.User.Identity.IsAuthenticated Then
            If Not Membership.GetUser.ProviderUserKey Is Nothing Then
                isOnline = True
            End If
        End If
        Context.User = principal
        If User.IsInRole("Guest") = True AndAlso User.IsInRole("Member") = False Then
            Roles.AddUserToRole(User.Identity.Name, "Member")
            Roles.RemoveUserFromRole(User.Identity.Name, "Guest")
            If isOnline = True Then
                '***do stuff here to change the context
                Response.Redirect("../Account/GetStarted.aspx")
            End If
        End If
    End If
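
One way to handle the stale role list described in the question, as an added example that is not part of the original post. It assumes the role manager is enabled with roles cached in the roles cookie; the module name `RolePromotion` and the helper `PromoteToMember` are hypothetical, and the caller is expected to redirect afterwards as the original code does.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

Public Module RolePromotion
    ' Hypothetical helper: moves a verified user from Guest to Member and
    ' expires the roles cookie so a cached role list is not reused.
    ' Returns True when the role change was applied.
    Public Function PromoteToMember(ByVal context As HttpContext,
                                    ByVal userName As String) As Boolean
        ' Ask the role provider directly, so the answer comes from the
        ' role store and not from a role list cached on the principal.
        Dim provider As RoleProvider = Roles.Provider
        Dim promoted As Boolean = False

        If provider.IsUserInRole(userName, "Guest") AndAlso
           Not provider.IsUserInRole(userName, "Member") Then
            Roles.AddUserToRole(userName, "Member")
            Roles.RemoveUserFromRole(userName, "Guest")
            promoted = True
        End If

        ' Only touch the cookie when the browser making this request is
        ' logged in as the account that was just verified. The link may be
        ' opened while signed out or while signed in as someone else.
        Dim current = context.User
        Dim sameUser As Boolean = current IsNot Nothing AndAlso
            current.Identity.IsAuthenticated AndAlso
            String.Equals(current.Identity.Name, userName,
                          StringComparison.OrdinalIgnoreCase)

        If promoted AndAlso sameUser AndAlso Roles.CacheRolesInCookie Then
            ' Expire the roles cookie so the role list stored in it is
            ' not presented again on the request after the redirect.
            Roles.DeleteCookie()
        End If

        Return promoted
    End Function
End Module
```

Unlike the code in the question, this does not assign a new principal to Context.User, so the principal that the role manager built for the request stays in place.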