When does Application_AuthenticateRequest fires?

[Guest]

I am using .net 1.1

In the global.asax.cs file, there is this entry:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

as far as I know, it is wired with the

FormsAuthentication_OnAuthenticate event.

My question is, when does the event exactly fire? My testing shows, that it
fires with every request on an aspx file.. I thought it does it only, if you
want to access an aspx in a secured folder (secured by the web.config entry:
deny users=? as example.)

But that event fires everywhere, even in folders, that are completely open
(allow users=*).

 

[Brock Allen]

Yes, this is the event in HttpRuntime's sequence of events that fire for
every request into ASP.NET. This step is the one that's supposed to determine
who the user is. If you'rte using Forms Authentication then there is code
that reads the cookie and determines the user and it sets the HttpContext.User
property based upon what's in the cookie. So yeah, this fires for every request
since you'd like to know who the user is upon every request

If the user is anonymous then the forms auth code has nothing to do. Now
the event that fire right after AuthenticateRequest is AuthorizeRequest and
this is where the <authorization> settings are enforced. So the prior step
identified the user, this next step see if that user is allowed to hit the
page they're requesting.

This URL talks about the other events that fire:

http://msdn2.microsoft.com/en-us/library/system.web.httpapplication.aspx