At any rate I wanted to add Facebook login to my (personal) website and didn't want to use the build in authentication (why bother the user with one more very forgettable useless password?)
So I deleted all authorization code and I have an account controller which take the facebook id and check it against Facebook server and set up a Session property with relevant Facebook data
now when I add an [Auhorize] attribute on my method it doesn't work (normal) I wonder how I could setup the user! I have code which create an IPrincipal (from facebook info) and set it to the HttpContext.User but it's lost on next query.
I tried override myControl.Initialize(RequestConterxt) and setup the current user (as in request.HttpContext.User = ...)
But I got a stranger error when I do that (which involve none of my code!!!!!):