HttpContext.Current.User is Nothing in Application_AuthenticateRequest

Hi experts,

I have an ASP.NET application in develoment, that uses Forms Authentication.  I have written some code (based on an article from MSDN, if I remember correctly) to store role-information in a ticket in a coockie.

Then in the "Application_AuthenticateRequest" method of Global.asax, I used some information of HttpContect.Current.User to get back to the role-info that was stored in the ticket.

Now, after a few weeks when everything worked fine, all of a sudden the "HttpContect.Current.User" is always equal to Nothing, and I have no clue where to look.  I have checked that none of my security-related code has changed.


LVL 10
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you recently moved to IIS 7? Have a look at this link, especially items 8 to 10:

joriszwaenepoelAuthor Commented:
That's good to know, but I haven't changed the version of IIS.
I am developing using VS2005, and the problem exists with the internal "visual studio development server" and also with the IIS Web Server.  That is why I think it must be a project setting or some programmatic change that caused this change in behaviour.

I have found a workaround (keeping the roles in an session variable, instead of in the authentication ticket), but I would still like to know what caused this.  It could help to prevent similar problems in fututre projects.


joriszwaenepoelAuthor Commented:
I found the reason why the code suddenly failed:
As I added more roles to the application, the amount of data in the ticket increased, until it stopped working.  I discovered that by adding a user with less privileges, for who the original code still worked, then added more privileges until it suddenlmy stopped working.  So I guess there is a limit to the amount of data that can be stored in the ticket (in the coockie).

I now store the role-information in a session variable, ans use that instead.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.