IsInRole Works only when user sign in

Why HttpContext.Current.User.IsInRole("Customer") returns false if the user is not logged in, I t开发者_开发技巧hink because user is considered anonymous is this case, Correct?

Thanks

Yes, you are correct. Anonymous users cannot belong to a role.

Notice that the User object for an anonymous user is a GenericPrincipal and while it implements IPrincipal, the IsUserInRole method always returns false because there are no roles supplied when it is created by FormsAuthenticationModule.

Also notice that the User object for an authenticated user is a RolePrincipal, which queries RoleManager in IsUserInRole.

Until the user don't login to your application, application behave it as an anonymous user and this user is no known for your application.

This is the default behavior, the anonymous user has no roles.

But if it returns false you can't be sure the user is not authenticated (better use User.Identity.IsAuthenticated property).