In which part of the Global.asax lifecycle can I safely 'use' the User object? I'm using the default forms authentication and noticed the following:
Sub Application_BeginRequest()
'Context.User Is Nothing
End Sub
Sub Application_AuthenticateRequest()
'Context.User Is Nothing
End Sub
Sub Application_AuthorizeRequest()
'Context.User is available
'Context.User.IsInRole() returns false while user is in role
End Sub
Seems like AuthorizeRequest() should be the place, however IsInRole() doesn't return the expected true. Am I missing something here?