Hi everyone,

I'm working on an ASP.Net 2.0 application and am having a strange issue involving the HttpContext User. It appears to be changing on its own when I go to a particular page/directory.

All of our pages inherit from a base page. In that base page's Page_Load() method we run an authorization check to see if the user can see the page they're going to.

We retrieve the user to check against with this code:

GenericPrincipal objPrincipal = (GenericPrincipal)Context.User;

When I go to this unusual directory the User value isn't me, it's some other username I've never heard of. This username isn't authorized to see these pages, so authorization fails.

This mysterious directory isn't a virtual web, just a regular directory in our website, however I've noticed it has its own Web.Config file. I'm guessing that's a cause of the trouble here.

My question is, how can I investigate this further, in determining what's changing the User value when I go to this directory?