您现在肯定已经解决了问题，但是以防万一，如果您使用的是ASP.NET中的RoleProvider，则RoleManagerModule会覆盖由ASP.NET创建的GenericPrincipal对象.在PostAuthenticateRequest期间，使用FormsAuthenticationModule并将其替换为RolePrincipal对象: http://www.asp.net/Learn/Security/tutorial-11 -vb.aspx

You surely have resolved your problem by now but just in case, if you are using the RoleProvider from ASP.NET, the RoleManagerModule overwrites the GenericPrincipal object created by the FormsAuthenticationModule and replaces it with a RolePrincipal object during the PostAuthenticateRequest: http://www.asp.net/Learn/Security/tutorial-11-vb.aspx