determining if a user is authenticated

[Robert Rotstein]

How does one determine from Global.Application_BeginRequest() -- where
no Session information is available -- whether the invoking user has
been authenticated?

 

[Guest]

The application events occur in this sequence: BeginRequest,
AuthenticateRequest, AuthorizeRequest. Therefore you can determine if the
user was authenticated only starting at the AuthenticateRequest event
handling, e.g.

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
Dim app As HttpApplication = CType(sender, HttpApplication)
If app.Context.User.Identity.IsAuthenticated Then
'do something
End If
End Sub

 

[Juan T. Llibre]

You don't. There no access to Session from
that event, as you have already found out.

SessionState is not loaded until after the BeginRequest
has fired and before the EndRequest has fired.

Specifically, Session is accessible after AcquireRequestState has fired :

http://msdn.microsoft.com/library/d...papplicationclassacquirerequeststatetopic.asp

You might want to use any event which fires after AcquireRequestState
has fired, like HttpApplication.PreRequestHandlerExecute :

http://msdn.microsoft.com/library/d...papplicationclassacquirerequeststatetopic.asp

You could also use the PreSendRequestContent event :
http://msdn.microsoft.com/library/d...pplicationClassPreSendRequestContentTopic.asp