Role-based security - Roles are disappearing
From: Keith Payne, Technical Marketing Solutions, Florida, United States
Date: 28/10/2003 14:24:43
To: All
Forum: ASP.NET
Category: Security
Thread ID: 00843707
Message ID: 00843707
Views: 41
I'm setting up some role-based security with forms authentication on a web site. The problem I am having is that after the Redirect, the IsInRole method is not giving the expected results. Here is the code I am using:
' from login page
    Public Sub OnSubmit(ByVal sender As System.Object, ByVal e As System.EventArgs)

        If (CustomAuthenticate(UserName.Text, Password.Text)) Then
            Dim url As String = FormsAuthentication.GetRedirectUrl(UserName.Text, RememberMe.Checked)
            FormsAuthentication.SetAuthCookie(UserName.Text, RememberMe.Checked)

            If (RememberMe.Checked) Then
                Dim cookie As HttpCookie = Response.Cookies(FormsAuthentication.FormsCookieName)
                cookie.Expires = DateTime.Now.Add(New TimeSpan(7, 0, 0, 0))
            End If

            Response.Redirect(url)
        Else
            Output.Text = "Invalid login"
        End If
    End Sub

' from global.asax
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires upon attempting to authenticate the user
        If Request.IsAuthenticated() Then

            'Dim ws As New TMSServices.InternalService

            'ws.Url = ConfigurationSettings.AppSettings("ws" & Server.MachineName) & "InternalService.asmx"
            'ws.Credentials = System.Net.CredentialCache.DefaultCredentials

            'Dim Roles() As String
            'Roles = ws.GetRolesArray(Context.User.Identity.Name)

            Dim Roles() As String = {"SuperAdmin"}

            ' Add our Principal to the current context
            Thread.CurrentPrincipal = New GenericPrincipal(Context.User.Identity, Roles)
        End If
    End Sub

' the target aspx page
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here

        Label1.Text = Context.User.Identity.Name
        Label2.Text = "User is a SuperAdmin: " & User.IsInRole("SuperAdmin").ToString

    End Sub
The final execution of Application_AuthenticateRequest before the target page is displayed shows that Request.IsAuthenticated is True and Thread.CurrentPrincipal.IsInRole("SuperAdmin") is True, but User.IsInRole("SuperAdmin") evaluates to False. In the Page_Load of the target web page, User.Identity.Name evaluates to the user name I entered in the login page, but both CurrentPrincipal.IsInRole("SuperAdmin") and User.IsInRole("SuperAdmin") evaluate to False.

It feels like I am mixing together two separate methods for authorization, but I can't put my finger on the problem. Somehow I am losing the GenericPrincipal I created in the Application_AuthenticateRequest event when I get to the Page_Load.

Any ideas on where I've gone wrong?

Also, is there a method to display all of the roles for the User or CurrentPrincipal?

TIA
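
The handler in the post stores the new principal only in Thread.CurrentPrincipal, while Page.User reads HttpContext.User. The following is an added example, not part of the original post, that assigns the principal to Context.User as well and lists roles by probing candidate names, since IPrincipal offers only IsInRole; the class name SiteApplication, the KnownRoles list and the RolesOf helper are hypothetical.

```vb
Imports System
Imports System.Collections
Imports System.Security.Principal
Imports System.Threading
Imports System.Web

' Hypothetical code-behind class for global.asax (name is an assumption).
Public Class SiteApplication
    Inherits HttpApplication

    ' Constructed list of every role name the site defines (assumption).
    Private Shared ReadOnly KnownRoles() As String = {"SuperAdmin", "Editor", "Viewer"}

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Anonymous requests keep whatever principal ASP.NET assigned.
        If Not Request.IsAuthenticated Then Return

        ' Hard-coded as in the post; a real site would look these up per user.
        Dim roles() As String = {"SuperAdmin"}
        Dim principal As New GenericPrincipal(Context.User.Identity, roles)

        ' Page.User and Context.User.IsInRole read this property, so the
        ' role-carrying principal has to be stored here to reach Page_Load.
        Context.User = principal

        ' Keep the thread principal in step for code that checks it directly.
        Thread.CurrentPrincipal = principal
    End Sub

    ' IPrincipal has no member that returns the role list, so test each
    ' known role name and collect the ones the principal holds.
    Public Shared Function RolesOf(ByVal user As IPrincipal) As String()
        Dim held As New ArrayList
        If Not user Is Nothing Then
            For Each roleName As String In KnownRoles
                If user.IsInRole(roleName) Then held.Add(roleName)
            Next
        End If
        Return DirectCast(held.ToArray(GetType(String)), String())
    End Function
End Class
```

In the target page, String.Join(", ", SiteApplication.RolesOf(User)) yields the text for a label.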