Hi, using HandleFormsLogin will authenticate the user, but not impersonate that user. The user will not be available until the next request, as the method only authenticate the user and then writes the neccessary forms cookies to the response. The GetPage method uses the HttpContext.Current.User property (in some way or another) to do access checks against, and that user is still the old one. You can use the overloaded DataFactory GetPage method to specify that no access checks should be done, or impersonate the user in a similar way to the one described in this FAQ article: http://www.episerver.com/templates/faq____943.aspx /Steve

Thanks, that solved the problem. I changed my code to the following and it works well (my page is not an EpiServer-template): IPrincipal principal, oldprincipal; oldprincipal=HttpContext.Current.User; principal=AuthenticationProvider.Authenticate(this, user, pass); HttpContext.Current.User=principal; PageData data=Global.EPDataFactory.GetPage(new PageReference(3)); // using page data object ..... HttpContext.Current.User=oldprincipal; /Håkan

Just to make sure you do this in the most optimal way. Are you doing the impersonation because you are not logged in? If you always log in with a system user in order to do this, you could just ask for the page like this: PageData data = Global.EPDataFactory.GetPage(pageref, AccessControlList.NoAccess); It will perform much faster, and you do not have to authenticate first, which is a rather performance expensive task. I know, the NoAccess name is not exactly meaningful in this context. Think of it as "NoAccessCheck" :-) /Steve