I'm trying to create a use a genericprincipal object with roles
authorization to use in my asp.net apps

My user directs new users to an asp.net login page.
They log in and I use that ifnormation to create a genericidentity.
Then i get their roles from the data store and use that and the
generic identity to create a genericprincipal object.

I then assign the genericprincipal object to the
My.User.CurrentPrincipal.
It all works fine up to this piont

The problem occurs when I navigate to a new page.
I lose the generic identity and all the roles.
Surely I don't need to go to the datastore each time i navigate to a
new page ?
Why aren't all my values of the GenericPrincipal which i attached in
My.user.Currentprincipal
saved for the user's ENTIRE SESSION ?

Thanks
Erick

You have to do that per request.

e.g. in global.asax in the PostAuthenticateRequest event. Be sure to set
HttpContext.Current.User *and* Thread.CurrentPrincipal.

For perf optimization, cache the roles using HttpContext.Current.Cache

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)