I have an HttpModule that captures the
FormsAuthenticationModule.Authenticate event, and replaces the
HttpContext principal with a custom principal. The code is
straightforward enough, yet when an ASPX page tries to get this custom
principal it fails - the object I inserted is not there. I've tried
having this module declaration at both the top & bottom of the list in
my web.config... What am I missing?
The code:
public class GCTPrincipalInContext : IHttpModule
{
#region IHttpModule Members
public void Init(HttpApplication context)
{
FormsAuthenticationModule faModule =
(FormsAuthenticationModule)context.Modules["FormsAuthentication"];
faModule.Authenticate += new
FormsAuthenticationEventHandler(faModule_Authentic ate);
}
void faModule_Authenticate(object sender, FormsAuthenticationEventArgs
e)
{
if
(HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName]
!= null)
{
FormsAuthenticationTicket ticket =
FormsAuthentication.Decrypt(HttpContext.Current.Re quest.Cookies[FormsAuthentication.FormsCookieName].Value);
User gctUser =
DataRepository.UserProvider.GetByASPUserId(
(Guid)Membership.GetUser(ticket.Name).ProviderUser Key
)[0];
// I've tried setting the HttpContext.Current.User directly, and I
get
// the same result - not my identity in context.
e.User = new GCTPrincipal(new FormsIdentity(ticket), gctUser);
}
}
public void Dispose()
{
return;
}
#endregion
}