Listing 6. Application_OnAuthenticateRequest method in Global.asax

 
<%@ import namespace="System.Security.Principal" %>
<script language="C#" runat="server">

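// Rebuilds the current principal so that it carries the roles stored in the
// forms-authentication ticket, which lets role checks against
// HttpContext.Current.User work for the rest of the request.
//
// Roles are read from the ticket's UserData as a comma-separated list (they
// are assigned when the ticket is created). Requests with no user, an
// unauthenticated user, or a non-forms identity are left untouched.
//
// NOTE(review): the roles are only as trustworthy as the ticket itself.
// Confirm the <forms> element keeps ticket encryption and validation enabled
// (the protection setting is not visible in this listing). Roles are also
// fixed when the ticket is issued, so a role removed on the server side
// presumably stays in effect until the ticket expires or is reissued.
protected void Application_OnAuthenticateRequest(Object sender, EventArgs e)
{
   HttpContext context = HttpContext.Current;

   // Nothing to do for anonymous requests.
   if (context.User == null || !context.User.Identity.IsAuthenticated)
   {
      return;
   }

   // Only forms-authenticated identities carry a ticket with role data.
   FormsIdentity id = context.User.Identity as FormsIdentity;
   if (id == null)
   {
      return;
   }

   // Role information is stored in the ticket's user data; treat a missing
   // value the same as an empty role list.
   FormsAuthenticationTicket ticket = id.Ticket;
   string userData = ticket.UserData;
   if (userData == null)
   {
      userData = String.Empty;
   }

   // Normalise the list: trim each entry and drop blanks, so that
   // "Admin, Editor" yields "Editor" rather than " Editor" (which would not
   // match a role check) and empty user data yields no roles rather than a
   // single role named "".
   string[] parts = userData.Split(',');
   int kept = 0;
   for (int i = 0; i < parts.Length; i++)
   {
      string role = parts[i].Trim();
      if (role.Length > 0)
      {
         // Compact in place; kept never runs ahead of i.
         parts[kept] = role;
         kept++;
      }
   }

   string[] roles = new string[kept];
   Array.Copy(parts, roles, kept);

   // Replace the principal with one that carries the same identity plus roles.
   context.User = new GenericPrincipal(id, roles);
}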
 

Note:

  • A user can be a member of more than one role. Just supply the roles as a comma-separated list when you define the FormsAuthenticationTicket's userData.
  • Application_OnAuthenticateRequest handles parsing the string into individual roles and assigns them appropriately when the GenericPrincipal is created.