.NET MVC - Where to check IsInRole() in Global.asax?

Question

In which part of the Global.asax lifecycle can I safely 'use' the User object? I'm using the default forms authentication and noticed the following:

Sub Application_BeginRequest()
    'Context.User Is Nothing
End Sub

Sub Application_AuthenticateRequest()
    'Context.User Is Nothing
End Sub

Sub Application_AuthorizeRequest()
    'Context.User is available
    'Context.User.IsInRole() returns false while user is in role
End Sub

Seems like AuthorizeRequest() should be the place, however IsInRole() doesn't return the expected true. Am I missing something here?

Answer 1

I think you actually want to do it in Post_AuthenticateRequest:

void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
    // Context.User is available now, and IsInRole() should work fine;
}