Posted on 2013-01-14
My web.config has webpages that require authorization like this:
<allow roles="Cust" />
<deny users="*" />
I am trying to authenticate a user based on a session variable. If the user is authenticated, then they are authorized to go to pages which require the "Cust" role like "Account.aspx"
If I check the session variable on Page_load or Page_Init, the user needs to refresh twice to go to "Account.aspx". Therefore, I need to check the session variable in the AuthorizeRequest application event. However, at that point I do not have access to Session variable. Any suggestions?