FormsAuthenticationService does not enable Roles when using a persisted cookie

Aug 20, 2010 at 11:50 AM

Hi,

I have come across a bug where users are unable to access Role secured resources when they have chosen to persist the cookie between sessions.

In this scenario

LoadUserOperation luo = MyWebContext.Current.Authentication.LoadUser();
is called rather than
LoginOperation lo = MyWebContext.Current.Authentication.Login(new LoginParameters(this.txtUsername.Text, this.txtPassword.Password, this.chkKeepLoggedIn.IsChecked.GetValueOrDefault(false), null));
This means that
if (_enableRoles) {
    FormsAuthenticationHelper.Enable(this.GetType());
}
is never called, as it is currently in
public TUser Login(string userName, string password, bool isPersistent, string customData)
As a fix, I have moved it into the constructor:
protected FormsAuthenticationService(bool enableRoles) {
    _enableRoles = enableRoles;
    _cookieLifetime = TimeSpan.FromMinutes(30);

    if (_enableRoles) {
        FormsAuthenticationHelper.Enable(this.GetType());
    }
}
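
The lifecycle problem reported above, as an added stand-alone model that is not part of the original post and is not the library's code. `RoleHook`, `ModelAuthService` and the sample user are hypothetical, and the model assumes that `FormsAuthenticationHelper.Enable` registers a process-wide step that attaches roles to an already authenticated user.

```csharp
using System;
using System.Collections.Generic;

// Simplified model: RoleHook stands in for FormsAuthenticationHelper.Enable,
// assumed here to switch on process-wide role population for authenticated users.
static class RoleHook {
    public static bool Enabled;
    public static void Enable() { Enabled = true; }
    public static void Reset() { Enabled = false; }   // models a fresh worker process
}

class ModelAuthService {
    // Constructed sample data.
    static readonly Dictionary<string, string[]> Roles =
        new Dictionary<string, string[]> { { "alice", new[] { "Admin" } } };
    readonly bool _enableRoles;

    public ModelAuthService(bool enableRoles, bool enableInConstructor) {
        _enableRoles = enableRoles;
        // The fix from the post: enable as soon as the service is constructed.
        if (_enableRoles && enableInConstructor) RoleHook.Enable();
    }

    // Interactive sign-in: the only place the original code enabled the hook.
    public string[] Login(string user) {
        if (_enableRoles) RoleHook.Enable();
        return RolesFor(user);
    }

    // Persisted-cookie path: the user is already authenticated, so Login never runs.
    public string[] LoadUser(string userFromCookie) { return RolesFor(userFromCookie); }

    static string[] RolesFor(string user) {
        return RoleHook.Enabled && Roles.ContainsKey(user) ? Roles[user] : new string[0];
    }
}

static class Program {
    static void Main() {
        foreach (bool fixedCtor in new[] { false, true }) {
            RoleHook.Reset();   // new session: the browser returns with the persisted cookie
            var svc = new ModelAuthService(true, fixedCtor);
            string[] roles = svc.LoadUser("alice");
            Console.WriteLine("enable in constructor={0}: IsInRole(Admin)={1}",
                fixedCtor, Array.IndexOf(roles, "Admin") >= 0);
        }
    }
}
```

In this model the failure is fail-closed: without the constructor change the returning user is authenticated but carries no roles, so role-secured resources are denied rather than exposed.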