Hello,


According to my book, if role management is enabled, then RoleManagerModule creates the security context of the user by assigning a RolePrincipal object to HttpRequest.User. But isn’t the security context already created (and thus a principal object assigned to HttpContext.User) by FormsAuthenticationModule, which is called before RoleManagerModule?

I’m asking this because, in the following code, the principal object assigned to HttpRequest.User already exists, even though RoleManagerModule has not yet been called:


    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated && Roles.Enabled)
        {
            // here we subscribe user to a role via Roles.AddUserToRole()
        }
    }


Thus, is the principal object created by FormsAuthenticationModule and assigned to HttpRequest.User later replaced by the RolePrincipal object (created by RoleManagerModule)?


Thanks
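
One way to check which principal is attached at each stage, as an added example that is not part of the original post: FormsAuthenticationModule handles AuthenticateRequest, and RoleManagerModule handles PostAuthenticateRequest, so logging the runtime type of `Context.User` in both Global.asax handlers shows whether the principal is replaced between them. The `LogPrincipal` helper and the trace message format are hypothetical; forms authentication and `<roleManager enabled="true" />` are assumed to be configured in web.config.

```csharp
// Global.asax.cs (added diagnostic example, not code from the original post)
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical helper: records the principal and identity types
    // attached to the current request at a given pipeline stage.
    private void LogPrincipal(string stage)
    {
        IPrincipal user = Context.User;
        string principalType = user == null ? "(null)" : user.GetType().FullName;
        string identityType = (user == null || user.Identity == null)
            ? "(none)"
            : user.Identity.GetType().FullName;

        System.Diagnostics.Trace.WriteLine(string.Format(
            "{0}: principal={1}, identity={2}, Roles.Enabled={3}",
            stage, principalType, identityType, Roles.Enabled));
    }

    // Raised once the authentication modules (FormsAuthenticationModule
    // among them) have handled AuthenticateRequest.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        LogPrincipal("AuthenticateRequest");
    }

    // RoleManagerModule subscribes to PostAuthenticateRequest; when role
    // management is enabled, this is where it swaps in its RolePrincipal.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        LogPrincipal("PostAuthenticateRequest");

        // Role-dependent decisions should only rely on role data once the
        // role-aware principal is actually in place.
        RolePrincipal rolePrincipal = Context.User as RolePrincipal;
        if (rolePrincipal != null && rolePrincipal.Identity.IsAuthenticated)
        {
            System.Diagnostics.Trace.WriteLine(
                "Roles: " + string.Join(",", rolePrincipal.GetRoles()));
        }
    }
}
```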