When exactly Application_AuthenticateRequest event is fired?

Discussion in 'ASP .Net Security' started by Andrew, Dec 23, 2005.

  1. Andrew

    Andrew Guest

    Hello, friends,

    In our forms authentication asp.net app, I used
    FormsAuthentication.SetAuthCookie() to authenticate a new registered user
    like the follows:

    //...already create a new userID from our DB
    FormsAuthentication.SetAuthCookie(Request.Form["loginName"], true);

    Then I planned in Application_AuthenticateRequest() to assign roles to this
    new user using GenericPrincipal().

    However, although I set breakpoint, it did not stop. I thought that calling
    FormsAuthentication.SetAuthCookie() would trigger
    Application_AuthenticateRequest() event.

    So, at exactly what condition, an Application_AuthenticateRequest event will
    be fired?

    Thanks a lot.
    Andrew, Dec 23, 2005
    1. Advertisements

  2. hi,

    AuthenticateRequest gets fired on each request -

    if you want to add code there to get roles for the user do something like

    if (Context.Request.IsAuthenticated)

    // get roles
    // create GenericPrincipal
    // set Context.User


    after you call SetAuthCookie you need another roundtrip for this event to
    fire - e.g. a redirect to your main page etc...
    Dominick Baier [DevelopMentor], Dec 24, 2005
    1. Advertisements

  3. Andrew

    Andrew Guest

    AuthenticateRequest gets fired on each request

    Does that mean that: After a user is authenticated, every request from this
    user aftermath will raise Application_AuthenticateRequest event?

    Then, I think I just need to set role for this new user the first request
    form him/her, right? For the rest of his/her requests, how can I avoid to
    execute the following code again?

    if (Context.Request.IsAuthenticated)

    // get roles
    // create GenericPrincipal
    // set Context.User



    Andrew, Dec 24, 2005
  4. Hi,

    you can't.

    The code has to execute on every request. You can do some optimizations by
    caching the roles, e.g. in the authentication ticket's userData field.

    Dominick Baier - DevelopMentor
    Dominick Baier [DevelopMentor], Dec 24, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.