I'm migrating to .net and my current implementation uses the standard kind of login procedure you would expect in vanilla asp...<BR><BR>I am now using forms authentication in .net but have hit a problem. In my old version if a user logs in and stores a cookie to remember their login details, any time they go to a protected part of the site they automatically get logged in using the account details in the cookie. This automatic login (essentially same as normal login script) does more than just authenticate them - it also retrieves information such as their preferences and first name etc and puts it into session variables. Now with .net forms authentication, if you decide to persist with your login cookie, it simply reads the cookie and checks if it is a valid and authenticated cookie and then allows you access to the protected resource. This therefore makes it impossible (?) to add custom code to the authentication process... OR please tell me this aint so coz what the heck would then be the point of forms authentication other than a very simple but limited security method???<BR><BR>What btw would happen if a user logged in and persisted his login details with a cookie, and then changed his password. Would the site still simply log them in irrespective of the fact that the authenticated cookie was actually now incorrect compared to the database details?<BR><BR>Hope i've made sense 
<BR>Thanks,<BR>AntonThe answer lies in using a global.asax event:<BR><BR>http://aspn.activestate.com/ASPN/Mail/Message/DevelopMentor-dotNET/751723
<BR>Thanks,<BR>AntonThe answer lies in using a global.asax event:<BR><BR>http://aspn.activestate.com/ASPN/Mail/Message/DevelopMentor-dotNET/751723