5

HttpContext.Current.User.IsInRole is not available in AuthenticateRequest; however, Roles.IsUserInRole is available.

Is it because new GenericPrincipal is assigned to HttpContext.Current.User after AuthenticateRequest? Could someone explain me about it? Appreciate your help!

void Application_AuthenticateRequest(object sender, EventArgs e)
{
    if(HttpContext.Current.Request.IsAuthenticated)
    {
        // Return False
        bool result1 = HttpContext.Current.User.IsInRole("Administrators");

        // Return True
        bool result2 = Roles.IsUserInRole("Administrators");
    }
}
Win
  • 61,100
  • 13
  • 102
  • 181

1 Answers1

3

I think that you should be subscribing to AuthorizeRequest instead. This event comes after AuthenticateRequest, so the identity of the principal has been established.

http://msdn.microsoft.com/en-us/library/bb470252.aspx

code4life
  • 15,655
  • 7
  • 50
  • 82