I have an ASP.NET 4.0 Web Forms application and I want to handle authentication. I have a default page that ASP.NET gave me that contains a <asp:Login> Control. I have created a MembershipProvider and filled in the ValidateUser() method successfully.
Now, the authentication works, but ASP.NET somehow filled in the User.Identity for me without me ever getting a chance to set it with the information I would like. I am not sure how this User is getting populated or where any of the authentication outside of my ValidateUser() method is happening. Where is this happening? Thanks.
It is set by a ASP.NET HttpModule, called FormsAuthenticationModule
HttpModules are like java filters, and they are executed before and after a request reaches the HttpHandler. Simple flow :
Request -> HttpModules -> HttpHandler -> HttpModules -> Client
It sets the user based on Cookie, usually named .aspxauth