0

I authenticate a user in my HttpModule (in AuthenticateRequest event handler). I set the authenticated user to ((HttpApplication)sender).Context.User. However the user is lost, because the DefaultDocumentModule creates another HttpContext which no longer contains the authenticated user.

Any solution for this?

(I was trying to save the authenticated user to a ThreadStatic field, but this is not safe. Then, I was trying to save the user to HttpRequest.Items, but this is also lost.)

Update - Detailed information:

I am using a digest authentication (not the build-in IIS based, which works with AD only). The authentication is performed in AuthenticateRequest event handler of a HttpModule. The problem is that the AuthenticateRequest is being invoked twice. Because DefaultDocumentModule (which transfers the request from '/' to e.g. '/Default.aspx') creates another HttpContext for '/Default.aspx'.

I do not know how to pass the information from the first HttpContext (for '/') to the second HttpContext (for '/Default.aspx') that the request is already authenticated.

TN.
  • 18,874
  • 30
  • 99
  • 157
  • Possible solution - http://stackoverflow.com/questions/3824951/forms-authentication-ignoring-default-document/5549254#5549254 – Ilya Luzyanin Jul 18 '14 at 21:21
  • @IlyaLuzyanin How this helps me? – TN. Jul 18 '14 at 21:53
  • Well, I was trying to guess what problem do you actually have. Could you post some more information on what you're trying to achieve? Maybe there is another approach for your problem instead of saving HttpContext in different places? – Ilya Luzyanin Jul 19 '14 at 07:29

0 Answers0