Hi

Why does HttpContext.Current.User.IsInRole("Customer") return false if the user is not logged in? I think it is because the user is considered anonymous in this case, correct?

Thanks

+5  A: 

Yes, you are correct. Anonymous users cannot belong to a role.

Notice that the User object for an anonymous user is a GenericPrincipal and while it implements IPrincipal, the IsUserInRole method always returns false because there are no roles supplied when it is created by FormsAuthenticationModule.

Also notice that the User object for an authenticated user is a RolePrincipal, which queries RoleManager in IsUserInRole.

Sky Sanders
A: 

Until the user logs in to your application, the application treats them as an anonymous user, and this user is not known to your application.

masoud ramezani
A: 

This is the default behavior, the anonymous user has no roles.

But if it returns false, you can't be sure the user is not authenticated (better to use the User.Identity.IsAuthenticated property).

Marc Climent
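
An added example, not code from any of the answers above: it shows why a false result from IsInRole cannot distinguish an anonymous visitor from a logged-in user who lacks the role, and checks Identity.IsAuthenticated first. RoleGate, AccessDecision and the sample principals are hypothetical names; GenericPrincipal objects stand in for HttpContext.Current.User so the program runs as a console app.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper for illustration; not part of ASP.NET.
public enum AccessDecision { Challenge, Forbid, Allow }

public static class RoleGate
{
    // Check authentication before the role, so that "false from IsInRole"
    // is never mistaken for "not logged in".
    public static AccessDecision Evaluate(IPrincipal user, string requiredRole)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return AccessDecision.Challenge;   // anonymous: send to login (401 / redirect)

        return user.IsInRole(requiredRole)
            ? AccessDecision.Allow
            : AccessDecision.Forbid;           // logged in but lacks the role (403)
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed principals (assumption: stand-ins for HttpContext.Current.User).
        // A GenericIdentity with an empty name reports IsAuthenticated == false.
        IPrincipal anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        IPrincipal guest     = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Guest" });
        IPrincipal customer  = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Customer" });

        foreach (IPrincipal user in new[] { anonymous, guest, customer })
        {
            string name = user.Identity.Name == "" ? "(anonymous)" : user.Identity.Name;

            // IsInRole is false for both the anonymous user and alice;
            // only the decision from RoleGate tells the two cases apart.
            Console.WriteLine("{0,-12} IsAuthenticated={1,-5} IsInRole={2,-5} decision={3}",
                name,
                user.Identity.IsAuthenticated,
                user.IsInRole("Customer"),
                RoleGate.Evaluate(user, "Customer"));
        }
    }
}
```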
