When does Application_AuthenticateRequest fires?

Discussion in 'ASP .Net' started by =?Utf-8?B?dGhlIGZyaWVuZGx5IGRpc3BsYXkgbmFtZQ==?=, Dec 22, 2005.

  1. I am using .net 1.1

    In the global.asax.cs file, there is this entry:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)

    as far as I know, it is wired with the

    FormsAuthentication_OnAuthenticate event.

    My question is, when does the event exactly fire? My testing shows, that it
    fires with every request on an aspx file.. I thought it does it only, if you
    want to access an aspx in a secured folder (secured by the web.config entry:
    deny users=? as example.)

    But that event fires everywhere, even in folders, that are completely open
    (allow users=*).
    =?Utf-8?B?dGhlIGZyaWVuZGx5IGRpc3BsYXkgbmFtZQ==?=, Dec 22, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?dGhlIGZyaWVuZGx5IGRpc3BsYXkgbmFtZQ==?=

    Brock Allen Guest

    Yes, this is the event in HttpRuntime's sequence of events that fire for
    every request into ASP.NET. This step is the one that's supposed to determine
    who the user is. If you'rte using Forms Authentication then there is code
    that reads the cookie and determines the user and it sets the HttpContext.User
    property based upon what's in the cookie. So yeah, this fires for every request
    since you'd like to know who the user is upon every request :)

    If the user is anonymous then the forms auth code has nothing to do. Now
    the event that fire right after AuthenticateRequest is AuthorizeRequest and
    this is where the <authorization> settings are enforced. So the prior step
    identified the user, this next step see if that user is allowed to hit the
    page they're requesting.

    This URL talks about the other events that fire:

    http://msdn2.microsoft.com/en-us/library/system.web.httpapplication.aspx

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > I am using .net 1.1
    >
    > In the global.asax.cs file, there is this entry:
    >
    > protected void Application_AuthenticateRequest(Object sender,
    > EventArgs e)
    >
    > as far as I know, it is wired with the
    >
    > FormsAuthentication_OnAuthenticate event.
    >
    > My question is, when does the event exactly fire? My testing shows,
    > that it fires with every request on an aspx file.. I thought it does
    > it only, if you want to access an aspx in a secured folder (secured by
    > the web.config entry: deny users=? as example.)
    >
    > But that event fires everywhere, even in folders, that are completely
    > open (allow users=*).
    >
    Brock Allen, Dec 22, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Kingscott
    Replies:
    0
    Views:
    468
    Mike Kingscott
    Jun 30, 2003
  2. Nugs

    Application_AuthenticateRequest

    Nugs, Apr 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    1,194
  3. =?Utf-8?B?ZGFubWFuMjI2?=

    Application_AuthenticateRequest cannot read Session variable

    =?Utf-8?B?ZGFubWFuMjI2?=, Apr 18, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    12,369
    Brock Allen
    Apr 18, 2005
  4. Alessio Brizi

    Application_AuthenticateRequest Problem

    Alessio Brizi, Jul 8, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    583
    Alessio Brizi
    Jul 8, 2005
  5. Replies:
    3
    Views:
    977
Loading...

Share This Page