I\'m trying to get a reference to the user object in my Global.asax file\'s Application_BeginRequest
. I\'m using the property Context.User
but I ge
No, you must use Application_AuthenticateRequest
instead. That's the earliest point where you have an user.
You don't have access to the User object because the request hasn't yet been authenticated.
Try using Application_AuthenticateRequest instead.
Here is an explanation of all Global.asax events: https://web.archive.org/web/1/http://articles.techrepublic%2ecom%2ecom/5100-10878_11-5771721.html
And the MSDN walkthrough of the application lifecycle: http://msdn.microsoft.com/en-us/library/ms178473.aspx
Edit: I see what you're doing. Change your if statement to and if not statement (sorry if syntax is wrong, I don't use VB.NET):
Sub Application_AuthenticateRequest()
If Context.User <> Nothing Then
Throw New Exception("User now exists")
End Sub
You'll notice that this method gets hit more than once. The exception won't be thrown until the second or third time. That is because every request follows the application lifecycle. So, instead of performing whatever action when the user is null, you should perform it when the user is not null.
If your goal is to restrict access dynamically, you should create a separate HttpModule and assign it to the files you're restricting
However, you'll need to be careful not to undertake rewriting the entire ASP.NET Application Security infrastructure. You can, instead, restrict access to certain folders based on role.