Last post Mar 26, 2014 04:51 PM by BrockAllen
Mar 26, 2014 02:05 PM|Harman Bajaj
I have one doubt regarding the code below. It is good that we are checking the authentication and, if he is not authenticated, redirecting to the login page.
But why are we creating a generic principal here and updating the user again? I am storing custom data in the user data property (username, email, img).
    protected void Application_OnAuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User != null)
        {
            if (HttpContext.Current.User.Identity is FormsIdentity)
            {
                // Get Forms Identity From Current User
                FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
                // Get Forms Ticket From Identity object
                FormsAuthenticationTicket ticket = id.Ticket;
                // Retrieve stored user-data (role information is assigned
                // when the ticket is created)
                string userData = ticket.UserData;
                // Split returns an array; GenericPrincipal treats each entry as a role name
                string[] customdata = userData.Split(',');
                // Create a new Generic Principal Instance and
                // assign to Current User
                HttpContext.Current.User = new GenericPrincipal(id, customdata);
            }
        }
    }
Mar 26, 2014 04:36 PM|markfitzme
Due to the nature of the web, variables are not persistent. So, if customizing the authentication process in this way, the principal must be recreated continually in order to make it live for each request made against the app.
Mar 26, 2014 04:38 PM|BrockAllen
Roles are not issued in the forms auth cookie, so you need a way to load them into your user object on each request. This is how it's done (or was done) in classic ASP.NET.
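An added example, not part of the original thread or any poster's code: it shows that passing every comma-separated UserData value to GenericPrincipal makes profile fields answer as role names, and one way to keep roles in a field of their own. The `roles=...;email=...;img=...` layout, the `TicketPrincipal` helper and all sample values are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web.Security;   // needs a reference to System.Web (.NET Framework)

static class TicketPrincipal   // hypothetical helper, not an ASP.NET type
{
    // Assumed UserData layout: "roles=Admin,Editor;email=a@example.com;img=a.png"
    public static GenericPrincipal FromTicket(FormsIdentity id)
    {
        string[] roles = new string[0];
        foreach (string field in (id.Ticket.UserData ?? "").Split(';'))
        {
            string[] kv = field.Split(new[] { '=' }, 2);
            // Only the "roles" field is allowed to feed IsInRole checks.
            if (kv.Length == 2 && kv[0] == "roles")
                roles = kv[1].Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        }
        return new GenericPrincipal(id, roles);
    }
}

static class Demo
{
    // Constructed sample ticket; in an application it comes from the decrypted cookie.
    static FormsIdentity Identity(string userData)
    {
        var ticket = new FormsAuthenticationTicket(1, "alice", DateTime.Now,
                                                   DateTime.Now.AddMinutes(30), false, userData);
        return new FormsIdentity(ticket);
    }

    static void Main()
    {
        // Pattern from the question: every comma-separated value becomes a role.
        FormsIdentity flat = Identity("alice,alice@example.com,me.png");
        var naive = new GenericPrincipal(flat, flat.Ticket.UserData.Split(','));
        Console.WriteLine("flat layout, e-mail counts as a role: "
                          + naive.IsInRole("alice@example.com"));

        // Keyed layout: profile fields stay out of the role list.
        GenericPrincipal p = TicketPrincipal.FromTicket(
            Identity("roles=Editor;email=alice@example.com;img=me.png"));
        Console.WriteLine("keyed layout, Editor role: " + p.IsInRole("Editor"));
        Console.WriteLine("keyed layout, e-mail counts as a role: "
                          + p.IsInRole("alice@example.com"));
    }
}
```

With the flat layout, any authorization check whose role name happens to match a user-supplied value such as a username would succeed, which is why the role list should come only from a field the server controls.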
Mar 26, 2014 04:47 PM|Harman Bajaj
But what if I don't do this? I am still able to get the user data from the ticket.
Mar 26, 2014 04:51 PM|BrockAllen
Sure, but it's easier if it's abstracted/centralized from the rest of your app.
If you're rewriting code, here's a better approach: