current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
stack overflow careers
Sign up ×
Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute:
up vote 0 down vote favorite

I am using the code below in a controller to authenticate users for an API. Excluding the User.IsInRole("API-Admin") if statement seems to work as expected (bypassing the UserInRole method). When I execute the code below I have to call the API twice in order to authenticate the user. 

    // GET api/RedemptionByProgram_Life/5
    [ResponseType(typeof(API_RedemptionByProgram_Life))]
    public IHttpActionResult GetAPI_RedemptionByProgram_Life(string username, string password, int id)
    {
        API_RedemptionByProgram_Life api_redemptionbyprogram_life = db.API_RedemptionByProgram_Life.Find(id);

        if (!Membership.ValidateUser(username, password))
        {
            return NotFound();

        }else
        {
            FormsAuthentication.SetAuthCookie(username, false);

            if (User.IsInRole("API-Admin"))
            {
                // FormsAuthentication.SignOut();
                return Ok(api_redemptionbyprogram_life);
            }
        }
            if (api_redemptionbyprogram_life == null)
            {
                return NotFound();
            }
            return NotFound();
        }
share|improve this question

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.