HttpContext.Current.User.IsInRole is not available in AuthenticateRequest; however, Roles.IsUserInRole is available.
Is it because new GenericPrincipal is assigned to HttpContext.Current.User after AuthenticateRequest? Could someone explain me about it? Appreciate your help!
void Application_AuthenticateRequest(object sender, EventArgs e)
{
if(HttpContext.Current.Request.IsAuthenticated)
{
// Return False
bool result1 = HttpContext.Current.User.IsInRole("Administrators");
// Return True
bool result2 = Roles.IsUserInRole("Administrators");
}
}
I think that you should be subscribing to AuthorizeRequest
instead. This event comes after AuthenticateRequest
, so the identity of the principal has been established.