I am working on the process of creating and vetting new users. After a user has registered, they are sent a link (containing a query string with a token) to their email so they can verify their email address. When a user clicks the link, they are redirected to a page that validates their info, then changes their role from Guest to Member.
Process flow
Email > verifyEmail.aspx > dashboard.aspx
When a user is already logged in to the web app, and they click the link from their email, their role changes accordingly; however, when they are redirected to dashboard.aspx, User.IsInRole("Member") is false. After logging out, then logging back in, User.IsInRole("Member") is true. So my question is, how can I update the identity of a user, and also the Context of the user, without forcing them to sign out then log back in? I am guessing it has to do with the cookie for Roles?
Code
    If userToken.Token1 = token Then
        Dim userRole = Roles.GetRolesForUser(authUser)
        Dim userIdentity = New GenericIdentity(authUser)
        Dim principal = New GenericPrincipal(userIdentity, userRole)
        Dim isOnline As Boolean = False
        If HttpContext.Current IsNot Nothing AndAlso HttpContext.Current.User.Identity.IsAuthenticated Then
            If Not Membership.GetUser.ProviderUserKey Is Nothing Then
                isOnline = True
            End If
        End If
        Context.User = principal
        If User.IsInRole("Guest") = True AndAlso User.IsInRole("Member") = False Then
            Roles.AddUserToRole(User.Identity.Name, "Member")
            Roles.RemoveUserFromRole(User.Identity.Name, "Guest")
            If isOnline = True Then
                '***do stuff here to change the context
                Response.Redirect("../Account/GetStarted.aspx")
            End If
        End If
    End If
Assuming you are using Forms Authentication, maybe you need to use the following method:
FormsAuthentication.SetAuthCookie
This will "Creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, or to the URL if you are using cookieless authentication."
taken from MSDN
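
One way to apply the SetAuthCookie call named in this answer together with a refresh of the role manager's cached-roles cookie, as an added example that is not code from the question or the answer. It assumes Forms Authentication with the ASP.NET role manager enabled; `RoleRefresh` and `PromoteToMember` are hypothetical names.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example; RoleRefresh and PromoteToMember are hypothetical names.
Public Module RoleRefresh

    ' Call only after the e-mail token has been validated server-side.
    ' userName must come from the stored token record, not from the query string.
    Public Sub PromoteToMember(context As HttpContext, userName As String)
        If Not Roles.IsUserInRole(userName, "Member") Then
            Roles.AddUserToRole(userName, "Member")
        End If
        If Roles.IsUserInRole(userName, "Guest") Then
            Roles.RemoveUserFromRole(userName, "Guest")
        End If

        ' Only touch the session when the logged-in user is the one being promoted:
        ' following a verification link must not sign the browser in as another account.
        Dim current As IPrincipal = context.User
        Dim sameUser As Boolean = current IsNot Nothing AndAlso
            current.Identity.IsAuthenticated AndAlso
            String.Equals(current.Identity.Name, userName, StringComparison.OrdinalIgnoreCase)
        If Not sameUser Then Return

        ' Reissue the forms authentication ticket. False = session cookie;
        ' pass True instead if the original login was persistent.
        FormsAuthentication.SetAuthCookie(userName, False)

        ' With cacheRolesInCookie="true" the old role list is held in the roles
        ' cookie; expiring it makes the next request reload roles from the provider.
        If Roles.Enabled AndAlso Roles.CacheRolesInCookie Then
            Roles.DeleteCookie()
        End If

        ' Rebuild the principal so IsInRole is correct for the rest of this request.
        ' Assumption: a GenericPrincipal is acceptable here, as in the question's code.
        context.User = New GenericPrincipal(current.Identity, Roles.GetRolesForUser(userName))
    End Sub

End Module
```

Call it in place of the `'***do stuff here` block, before `Response.Redirect`, so the expired roles cookie and the new ticket go out with the redirect response.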