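/// <summary>
/// Builds the request principal from the forms-authentication cookie: the user name comes
/// from the decrypted ticket and the role names are looked up through the account services.
/// </summary>
/// <param name="sender">The object raising the event (not used).</param>
/// <param name="e">Event data supplied with the Authenticate event (not used directly).</param>
/// <remarks>
/// Fails closed. If the cookie is missing, the ticket is invalid or expired, or a role lookup
/// throws, <c>HttpContext.Current.User</c> is left untouched and no principal is assigned here.
/// </remarks>
protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        return;
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    try
    {
        var ticket = FormsAuthentication.Decrypt(authCookie.Value);

        // Decrypt validates and decodes the ticket but does not reject one that is past its
        // expiry, so the lifetime has to be checked here before the name is trusted.
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
        {
            return;
        }

        string username = ticket.Name;

        // Lookup chain: username -> user id -> role ids -> role names.
        AccountService accservice = new AccountService();
        AccountRolService service = new AccountRolService();
        RolService service1 = new RolService();

        // NOTE(review): what these lookups return for an unknown or disabled account is not
        // visible here. Confirm that such an account ends up with no roles.
        var userid = accservice.GetUserIDByUsername(username);
        var listrole = service.GetListRoleIDByUserID(userid);
        var listrolename = service1.GetListRoleNameByListRoleId(listrole);

        // Role names are carried as one ';'-separated string, e.g. "admin;user".
        string roles = String.Join(";", listrolename.ToArray());

        // Split on the same ';' used to join. A parameterless Split() breaks on whitespace
        // only, which would leave "admin;user" as a single role name that matches nothing.
        string[] roleNames = roles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

        // Set the principal with the user's name and roles.
        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
            new System.Security.Principal.GenericIdentity(username, "Forms"),
            roleNames);
    }
    catch (Exception ex)
    {
        // An invalid ticket or a failed lookup must not authenticate the request. Record the
        // failure, without the cookie value, so it can be investigated instead of vanishing.
        System.Diagnostics.Trace.TraceWarning(
            "FormsAuthentication_OnAuthenticate: principal not set (" + ex.GetType().Name + ": " + ex.Message + ")");
    }
}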