Hi,
I'm trying to get authentication and authorisation working in an ASP .NET MVC2 site.
I've read loads of tutorials and some books which explain how you can use attributes to require authorisation (and membership in a role) like this:
[Authorize(Roles="Admin")]
public ActionResult Index()
{
return View();
}
I've made classes that implement IIdentity and IPrincipal, I create a userPrincipal object once the user has successfully logged in and I add it to a session variable.
When the user goes to another page I want it to set the HttpContext.Current.User to the object that I stored in the session, something like this:
if (Session["User"] != null)
{
HttpContext.Current.User = Session["User"] as MyUser;
}
My question is: Where abouts do I put the code directly above? I tried Application_AuthenticateRequest but it tells me Session state is not available in this context.
Many thanks.