/// <summary>
/// Handles the ASP.NET PostAuthenticateRequest event. The pipeline raises this event on
/// every request once the authentication modules have run, not only at the moment a user
/// logs in with forms authentication.
/// </summary>
/// <remarks>
/// For authenticated requests this delegates to
/// FormsAuthenticationHelper.SetCurrentPrincipal(), so that server-side code can consult
/// System.Threading.Thread.CurrentPrincipal when authorizing access to sensitive areas.
/// Anonymous requests are left untouched, so downstream authorization checks must still
/// handle a principal that the helper never replaced.
/// NOTE(review): the helper's body is not visible here. Confirm that it derives the
/// principal from the validated forms-authentication ticket, and that it keeps
/// HttpContext.Current.User in step with Thread.CurrentPrincipal so both report the same
/// identity.
/// </remarks>
/// <param name="sender">Event source supplied by the ASP.NET pipeline; not used.</param>
/// <param name="e">Event data supplied by the ASP.NET pipeline; not used.</param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    // Nothing to attach for anonymous requests; leave the principal as the pipeline set it.
    if (!Request.IsAuthenticated)
    {
        return;
    }

    FormsAuthenticationHelper.SetCurrentPrincipal();
}