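/// <summary>
/// Handles the AuthenticateRequest event. For a forms-authenticated request it loads the
/// user data returned by <c>WebSecurity.GetAuthData()</c>, re-checks an elevated user type
/// against the business layer, stores the user data in <c>UserContext</c>, and replaces the
/// request principal with one whose single role is the user type name.
/// </summary>
/// <remarks>
/// The user type from the authentication data is only re-checked when it is something other
/// than <c>UserType.User</c>. If the stored type differs, the user is signed out and the
/// request carries on as anonymous, so the outdated role is never attached to the principal.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event arguments; not used.</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    HttpContext context = HttpContext.Current;

    // Only forms-authenticated requests carry the user data handled below.
    if (context.User == null
        || !context.User.Identity.IsAuthenticated
        || !(context.User.Identity is FormsIdentity))
    {
        return;
    }

    // 1. Get the authentication data and parse it.
    string strUserData = WebSecurity.GetAuthData();
    UserData objUserData = new UserData(strUserData);

    // 2. Re-check elevated user types against the business layer, because the value in the
    //    authentication data was fixed at login and may since have been changed or revoked.
    if (objUserData.UserType != UserType.User)
    {
        BusinessServices.User objUser = new BusinessServices.User();

        // NOTE(review): UserContext.UserID is read before UserContext.UserData is assigned in
        // this method - confirm it does not depend on UserData already being set.
        int uid = UserContext.UserID;
        UserType enmUserType = objUser.GetUserType(uid);

        if (enmUserType != objUserData.UserType)
        {
            WebSecurity.SignOut();

            // Fail closed. WebSecurity.SignOut() is not visible here; unless it ends the
            // response, execution would fall through and attach the outdated role from the
            // authentication data to this request. Continue as anonymous instead, so that
            // authorization later in the pipeline does not see the revoked role.
            context.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
            return;
        }
    }

    // 3. Save the user data in the current context.
    UserContext.UserData = objUserData;

    // 4. Set the user role. The login user type acts as the role:
    //    SaltAdmin = 1, OrgAdmin = 2, UnitAdmin = 3, User = 4.
    string[] roles = new string[] { UserContext.UserData.UserType.ToString() };
    context.User = new GenericPrincipal(context.User.Identity, roles);
}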