I understand what is being done in the PostAuthenticateRequest event, but I have a question about using a GenericPrincipal. After this code executes:
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encTicket);
NerdIdentity id = new NerdIdentity(ticket);
GenericPrincipal prin = new GenericPrincipal(id, null);
HttpContext.Current.User = prin;
User has changed from a RolePrincipal to a GenericPrincipal and no longer knows the roles the user is in. So on my controller, when I use [Authorize(Roles="Admin")], it now fails.
Is there a way to accomplish the same thing without losing the roles?
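Added example, not part of the original post: one way to keep the custom identity without dropping role membership is to pass the user's roles to `GenericPrincipal` instead of `null`, looking them up server-side from the configured role provider. The `NerdIdentity` class below is a hypothetical stand-in (the post does not show its definition), and the handler assumes the ASP.NET role manager is enabled, as the `RolePrincipal` in the question implies.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical stand-in for the post's NerdIdentity; the real class is not shown on the page.
public class NerdIdentity : IIdentity
{
    private readonly FormsAuthenticationTicket _ticket;
    public NerdIdentity(FormsAuthenticationTicket ticket) { _ticket = ticket; }
    public string AuthenticationType { get { return "Forms"; } }
    public bool IsAuthenticated { get { return true; } }
    public string Name { get { return _ticket.Name; } }
}

public class Global : HttpApplication
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // anonymous request: leave the existing principal alone

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception)
        {
            return; // malformed or tampered cookie: treat the request as unauthenticated
        }
        if (ticket == null || ticket.Expired)
            return;

        NerdIdentity id = new NerdIdentity(ticket);

        // Resolve roles from the role provider on the server, keyed by the ticket's
        // user name. Passing null here is what made [Authorize(Roles="Admin")] fail.
        string[] roles = Roles.Enabled
            ? Roles.GetRolesForUser(id.Name)
            : new string[0];

        HttpContext.Current.User = new GenericPrincipal(id, roles);
    }
}
```

If the role manager's lazy loading and caching should be kept, `new RolePrincipal(id)` wraps the same identity and resolves roles through the provider on the first `IsInRole` call.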