1

I have an ASP.NET 4.0 Web Forms application and I want to handle authentication. I have a default page that ASP.NET gave me that contains a <asp:Login> Control. I have created a MembershipProvider and filled in the ValidateUser() method successfully.

Now, the authentication works, but ASP.NET somehow filled in the User.Identity for me without me ever getting a chance to set it with the information I would like. I am not sure how this User is getting populated or where any of the authentication outside of my ValidateUser() method is happening. Where is this happening? Thanks.

skaz
  • 21,962
  • 20
  • 69
  • 98

1 Answers1

1

It is set by a ASP.NET HttpModule, called FormsAuthenticationModule

HttpModules are like java filters, and they are executed before and after a request reaches the HttpHandler. Simple flow :

Request -> HttpModules -> HttpHandler -> HttpModules -> Client

It sets the user based on Cookie, usually named .aspxauth

Zasz
  • 12,330
  • 9
  • 43
  • 63
  • Thanks! How can I get in there and override this process then? I would like to be using my `User` information instead of what the default is doing. – skaz Jun 01 '14 at 15:38
  • Add your custom handler to `FormsAuthenticate_OnAuthenticate` event in Global.asax, and in that handler, set your custom Identity. This automatically disables FormsAuthenticationModule (Try to read the code I linked in my answer) – Zasz Jun 01 '14 at 15:44