Herbert, MyBase is an inheritance keyword in VB.Net to refer to an object's base class. Since I inherit from GenericIdentity, in addition to populating the extra data I am interested in, I instantiate the base class by calling one of the available Mybase.New() methods. That way, I've got the additional methods and properties as well as the base class methods and properties (you can check using the object browser to see that the extended class has all the methods and properties of the base class in addition to the ones I added). In response to your other email, the security handler is attached. I've actually included everything in the module, so there will be redundancy here from what I originally posted. The gist is this: In web.config, anonymous access is set (allow users="?"). On login.aspx, I've denied anonymous access (deny users="?"). I've also got the security scheme set to NT Authentication (Intranet portal, not Internet portal). Finally, on the code-behind for login.aspx, if the user is authenticated, then I call the SetUserIdentityCookie() method to set the cookie. The net result of all of this is that when the user attempts to login, he has to authenticate to hit login.aspx. This is done automatically in IE by passing his/her NT credentials to the webserver. After this, the cookie is set and the user is redirected to the homepage or to a redirect page. Complete module follows: ****************************************************** Imports System Imports System.Web Imports System.Web.Security Imports System.Security.Principal Imports System.Runtime.Serialization Namespace ASPNetPortal Public Class PortalIdentity Inherits GenericIdentity Private _employeeID As String Private _firstName As String Private _lastname As String Private _roles As ArrayList Private _groupID As Integer Public Property LastName() As String Get Return _lastname End Get Set(ByVal Value As String) _lastname = Value End Set End Property Public Property GroupID() As Integer Get Return _groupID End Get Set(ByVal Value As Integer) _groupID = Value End Set End Property Public Property EmployeeID() As String Get Return _employeeID End Get Set(ByVal Value As String) _employeeID = Value End Set End Property Public Property Roles() As ArrayList Get Return _roles End Get Set(ByVal Value As ArrayList) _roles = Value End Set End Property Public ReadOnly Property FirstName() As String Get Return _firstName End Get End Property Public Sub New(ByVal name As String, ByVal FirstName As String) MyBase.New(name) _firstName = FirstName End Sub Public Sub New(ByVal name As String, ByVal FirstName As String, ByVal type As String) MyBase.New(name, type) _firstName = FirstName End Sub End Class Public Class SecurityUtility Public Shared Sub SetUserIdentityCookie() ' Handles the single instance where a client is authenticating. Dim httpCon As HttpContext = HttpContext.Current Dim client As SqlDataReader ' Get roles from UserRoles table, and add to cookie Dim _user As New EmployeesDB() client = _user.GetSingleEmployeeByUserIdentity(httpCon.User.Identity.Name) If client.Read() Then 'Create an identity and serialize it to a cookie. Dim ident As New PortalIdentity(httpCon.User.Identity.Name, client("first_name"), "CustomSecurity") ident.EmployeeID = client("employee_id") ident.GroupID = client("group_id") ident.LastName = client("last_name") ident.Roles = _user.GetRoles(ident.EmployeeID) ' serialization objects Dim stream As New System.IO.MemoryStream() Dim format As New Formatters.Binary.BinaryFormatter() Try ' Actually serialize format.Serialize(stream, ident) ' Declare a new cookie Dim cookie As New HttpCookie("portalsettings") cookie.Value = Convert.ToBase64String(stream.ToArray) ' Set cookie timeout cookie.Expires = Now.AddHours(8) httpCon.Response.Cookies.Add(cookie) ' Add our own custom principal to the request containing the roles httpCon.User = New GenericPrincipal(ident, ident.Roles.ToArray(GetType(String))) Catch ex As Exception ' Do nothing -- just don't authenticate End Try End If client.Close() End Sub End Class Public Class SecurityModule Implements IHttpModule Public Sub New() ' Just a creator sub End Sub Public Sub Init(ByVal context As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init ' Need to register our module with the application context. AddHandler context.AuthenticateRequest, AddressOf Me.AuthenticateRequest End Sub Public Sub Dispose() Implements System.Web.IHttpModule.Dispose ' Not necessary to implement anything here. End Sub Private Sub AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) ' Process authentication here ' The sender is the application context. We need to grab a reference to it. Dim httpApp As HttpApplication = CType(sender, HttpApplication) Dim httpCon As HttpContext = httpApp.Context If Not httpCon.Request.Cookies("portalsettings") Is Nothing Then ' Handles all other instances ' Reconstitute identity from cookie Dim ident As PortalIdentity Dim stream As New System.IO.MemoryStream() Dim format As New Formatters.Binary.BinaryFormatter() Dim bytes() As Byte Try ' Get the byte array from the cookie bytes = Convert.FromBase64String(httpCon.Request.Cookies("portalsettings").Value) ' Write the byte array to a memory stream stream.Write(bytes, 0, UBound(bytes) + 1) ' Set the stream to the beginning and deserialize stream.Position = 0 ident = CType(format.Deserialize(stream), PortalIdentity) ' Add our own custom principal to the request containing the roles in the auth ticket httpCon.User = New GenericPrincipal(ident, ident.Roles.ToArray(GetType(String))) Catch ex As Exception ' Do nothing End Try End If End Sub End Class End Namespace HTH, David