Steve,

>I am building a project for an Intranet application in which I don't want the users to log in to the application specifically - if they have already logged in to Windows. I still want to use the role-based security within the framework to manage application users. If the user is already authenticated via Windows/IIS, I would like to pick up the userid from the HttpContext and register the user with the application. It looks like the SecurityMgr.RegisterUser will handle the registration for me, but at what point in the application should this be done? Can I do it without a password? Is there a better approach?

You may want to override the mmBusinessWebPage.RedirectToLogin() method. If you set a page's RequiresSecurity property to true, it executes RedirectToLogin() which, by default, takes the user to the UserLogin.aspx page. You can change this so it grabs the user ID from the environment and registers the user with the User Manager. To see the code you need for this, check out the MM .NET mmBaseUserLogin.aspx page's Login() method.

Regards,