This project is read-only.

PostAuthenticateRequest and GenericPrincipal and Roles

Sep 8, 2011 at 9:36 PM

I understand what is being done in the PostAuthenticateRequest event but I have a question about using a GenericPrincipal. After this code executes:

FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encTicket);
NerdIdentity id = new NerdIdentity(ticket);
GenericPrincipal prin = new GenericPrincipal(id, null);
HttpContext.Current.User = prin;

User has changed from a RolePrincipal to a GenericPrincipal and no longer knows the roles the user is in. So on my controller, when I use [Authorize(Roles="Admin")], it now fails.

Is there a way to accomplish the same thing without losing the roles?

Oct 21, 2011 at 8:04 PM

Sorry, just trying to bump the topic and hopefully get some input from someone.