I’m working for the first time with Forms Authentication, I’m using an example from the web to learn, I included in my web.config

    <authentication mode='Forms'>         <forms name='MYWEBAPP.ASPXAUTH' loginUrl='Login.aspx' protection='All' path='/'/>     </authentication>     <authorization>         <deny users='?'/>     </authorization> 

Then I created a page for logging in ‘login.aspx’, and coded this on a button, just to start;

private void btnLogin_Click(Object sender, EventArgs e)     {         // Initialize FormsAuthentication         FormsAuthentication.Initialize();           // Create a new ticket used for authentication          FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(             1, // Ticket version             Username.Value, // Username associated with ticket             DateTime.Now, // Date/time issued             DateTime.Now.AddMinutes(30), // Date/time to expire             true, // 'true' for a persistent user cookie             'accountants, seekers, copiers, typers', // User-data, in this case the roles             FormsAuthentication.FormsCookiePath);// Path cookie valid for           // Encrypt the cookie using the machine key for secure transport           string hash = FormsAuthentication.Encrypt(ticket);          HttpCookie cookie = new HttpCookie(             FormsAuthentication.FormsCookieName, // Name of auth cookie             hash); // Hashed ticket           // Set the cookie's expiration time to the tickets expiration time          if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;           // Add the cookie to the list for outgoing response          Response.Cookies.Add(cookie);     } 

Also I coded in Global.asax;

protected void Application_AuthenticateRequest(object sender, EventArgs e) {     if(HttpContext.Current.User != null)     {         if(HttpContext.Current.User.Identity.IsAuthenticated)         {             if (HttpContext.Current.User.Identity is FormsIdentity)             {                 FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;                 FormsAuthenticationTicket ticket = id.Ticket;                  // Get the stored user-data, in this case, our roles                 string userData = ticket.UserData;                 string[] roles = userData.Split(',');                 HttpContext.Current.User = new GenericPrincipal(id, roles);             }         }     } } 

And finally in another page I tried to confirm the roles aquired;

protected void Page_Load(object sender, EventArgs e) {     string str = null;      if (User.IsInRole('seekers'))     {         str += ' seekers ';     }      if (User.IsInRole('accountants'))     {         str += ' accountants ';     }      if (User.IsInRole('copiers'))     {         str += 'copiers';     }      Response.Write(str); } 

But something strange happens cause it only writes ‘accountants’ (note that ‘accountants’ is the firts element in the delimited comma string) and not the other roles, which were supposed to be showed. I changed the order of the role list in the btnlogin click event writing ‘copiers’ as the first element and it’s written only ‘copiers’ in the page.

I’ve tried with different combinations and always is printed the first element of the delimited comma string.

Sorry by my ignorance but what is happening here, are all the roles there or not? is normal? or there’s something I’m forgetting here?

Thanks in advance.