Question

I am working on the process of creating and vetting new users. After a user has registered, they are sent a link (containing a query string with a token) to their email so they can verify their email address. When a user clicks the link, they are redirected to a page that validates their info, then changes their role from Guest to Member.

Process flow

Email > verifyEmail.aspx > dashboard.aspx

When a user is already logged in to the web app, and they click the link from their email, their role changes accordingly; however, when they are redirected to dashboard.aspx, User.IsInRole("Member") is false. After logging out, then logging back in, User.IsInRole("Member") is true. So my question is, how can I update the identity of a user, and also the Context of the user, without forcing them to sign out then log back in? I am guessing it has to do with the cookie for Roles?

Code

    If userToken.Token1 = token Then
      Dim userRole = Roles.GetRolesForUser(authUser)
      Dim userIdentity = New GenericIdentity(authUser)
      Dim principal = New GenericPrincipal(userIdentity, userRole)
      Dim isOnline As Boolean = False

      If HttpContext.Current IsNot Nothing AndAlso HttpContext.Current.User.Identity.IsAuthenticated Then
        If Not Membership.GetUser.ProviderUserKey Is Nothing Then
          isOnline = True
        End If
      End If

      Context.User = principal

      If User.IsInRole("Guest") = True AndAlso User.IsInRole("Member") = False Then
        Roles.AddUserToRole(User.Identity.Name, "Member")
        Roles.RemoveUserFromRole(User.Identity.Name, "Guest")

        If isOnline = True Then
          '***do stuff here to change the context
          Response.Redirect("../Account/GetStarted.aspx")
        End If
      End If
    End If

Solution

Assuming you are using Forms Authentication, maybe you need to use the following method:

FormsAuthentication.SetAuthCookie

This method "Creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, or to the URL if you are using cookieless authentication."

taken from MSDN
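
One way to apply this in verifyEmail.aspx, as an added example that is not code from the question or the answer. It assumes Forms Authentication with the ASP.NET role manager enabled (optionally with `cacheRolesInCookie`); `RoleRefresh`, `PromoteToMember` and `verifiedUser` are hypothetical names, and `verifiedUser` must be the account the token was issued to, not whoever happens to be logged in.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example: hypothetical helper, not code from the question or answer.
Public Module RoleRefresh

    ' verifiedUser is assumed to be the account that owns the validated token.
    Public Sub PromoteToMember(verifiedUser As String)
        ' Change the stored roles first, keyed on the token owner.
        If Roles.IsUserInRole(verifiedUser, "Guest") AndAlso
           Not Roles.IsUserInRole(verifiedUser, "Member") Then
            Roles.AddUserToRole(verifiedUser, "Member")
            Roles.RemoveUserFromRole(verifiedUser, "Guest")
        End If

        Dim ctx As HttpContext = HttpContext.Current
        If ctx Is Nothing OrElse ctx.User Is Nothing Then Return

        ' Refresh the session only when it belongs to the verified account.
        ' A link opened inside another account's session must not touch it.
        Dim sameUser As Boolean =
            ctx.User.Identity.IsAuthenticated AndAlso
            String.Equals(ctx.User.Identity.Name, verifiedUser,
                          StringComparison.OrdinalIgnoreCase)
        If Not sameUser Then Return

        ' Drop the cached role list so the next request (dashboard.aspx)
        ' reads roles from the provider instead of the stale cookie.
        If Roles.CacheRolesInCookie Then Roles.DeleteCookie()

        ' Reissue the forms ticket, the call the answer points to.
        ' False = session cookie; the persistence choice is an assumption.
        FormsAuthentication.SetAuthCookie(verifiedUser, False)

        ' Rebuild the principal from roles read AFTER the change, so
        ' IsInRole("Member") is already true for the rest of this request.
        Dim identity As New GenericIdentity(verifiedUser)
        ctx.User = New GenericPrincipal(identity, Roles.GetRolesForUser(verifiedUser))
    End Sub

End Module
```

The question's code builds its `GenericPrincipal` from roles fetched before `Roles.AddUserToRole` runs, so the order of the role change and the principal rebuild is the part to check when adapting this.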

Licensed under: CC-BY-SA with attribution