JBernard

Reputation: 31

ASP.NET Membership PrincipalPermission issues

I'm running into an issue with the PrincipalPermissionAttribute causing exceptions. Any pages where I have the attribute on the Load method throw an exception immediately after initial login.

<PrincipalPermission(SecurityAction.Demand, Role:="Level1")> _
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub

This throws the exception "Request for principal permission failed."

If I remove this, the page loads fine, and I can navigate to another page that does have this same attribute and it works flawlessly. Also, if I use the Membership system's Roles.IsUserInRole() function, I do not have an issue.

I have noticed that after initial login my Thread.CurrentPrincipal is of type GenericPrincipal and not the RolePrincipal. Subsequent requests show the correct type in place of the generic. I tried to force this in the Global.asax file in the PostAuthenticate event, but ASP.NET seems to be setting the GenericPrincipal after this happens.

Any ideas on how to fix this behavior, or am I stuck using the Roles.IsUserInRole() method?

UPDATE
After finding some explanation of what's happening in the pipeline here, I can see why changing it in the Global.asax didn't help. I had a prototype project from earlier that I tested this with, and I could not reproduce it there. I do wonder if it has anything to do with the project type. The prototype is a Web Site project and the problematic one is a Web Application project.

I do think it's odd that the GenericPrincipal is changed to the RolePrincipal but only after the initial request has processed. So it's hard to say that it's not working; it's like it just doesn't happen before my 'Page_Load' executes.

Upvotes: 3

Views: 761

Answers (1)

Alexander

Reputation: 1

I think you are using Forms authentication...

The PrincipalPermission attribute checks Thread.CurrentPrincipal. Roles.IsUserInRole() checks HttpContext.Current.User. So if they are different, you can correct this in the Global.asax file at the Application_AuthenticateRequest event.

Upvotes: 0
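
The behaviour described in the answer can be reproduced outside ASP.NET. The console program below is an added example, not code from the question or the answer: it shows that a PrincipalPermission demand is evaluated against Thread.CurrentPrincipal, fails for an authenticated GenericPrincipal with no roles, and passes once the thread principal is replaced. The user name `jdoe` and the `contextUser` variable standing in for HttpContext.Current.User are constructed for illustration.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

Module PrincipalDemandDemo

    ' Runs the imperative equivalent of
    ' <PrincipalPermission(SecurityAction.Demand, Role:="...")>.
    ' The demand reads Thread.CurrentPrincipal and nothing else.
    Function DemandPasses(ByVal role As String) As Boolean
        Try
            ' Name = Nothing means "any authenticated user in this role".
            Dim perm As New PrincipalPermission(Nothing, role)
            perm.Demand()
            Return True
        Catch ex As SecurityException
            ' Message: "Request for principal permission failed."
            Return False
        End Try
    End Function

    Sub Main()
        ' Constructed identity; "Forms" is only the authentication type label.
        Dim identity As New GenericIdentity("jdoe", "Forms")

        ' State reported in the question for the first request after login:
        ' an authenticated GenericPrincipal that carries no roles.
        Thread.CurrentPrincipal = New GenericPrincipal(identity, New String() {})
        Console.WriteLine("No roles on thread principal: " & DemandPasses("Level1"))

        ' Hypothetical stand-in for HttpContext.Current.User, which in the
        ' web application would be the RolePrincipal that knows the roles.
        Dim contextUser As IPrincipal =
            New GenericPrincipal(identity, New String() {"Level1"})

        ' The correction the answer suggests: make the thread principal
        ' the same object the role check uses.
        Thread.CurrentPrincipal = contextUser
        Console.WriteLine("After syncing principals:     " & DemandPasses("Level1"))

        ' A role the user does not hold must still be refused.
        Console.WriteLine("Role not held by the user:    " & DemandPasses("Level2"))
    End Sub

End Module
```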
