>In my formsAuthentication_OnAuthenticate event I want to >replace the user intrinsic with my own user object. I need to populate my >user object with additional info ( e.g. roles ); however, I do not want to >store this stuff in a cookie, and I don't want to reload it from the >database on each OnAuthenticate event. > >The Session object seems a reasonable place for storing user info, but I >can't access Session from OnAuthenticate. > >What should I do?
I ran into this also. At the point OnAuthenticate fires AcquireSessionState has not yet fired so you are out of luck on session. Were you hoping to use cookieless sessions to remove the requirement of a cookie? You might look at sinking AcquireSessionState(), calling the base, getting out the rest of the info and then replacing the principal here. You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
