When exactly Application_AuthenticateRequest event is fired?

Discussion in 'ASP .Net Security' started by Andrew, Dec 23, 2005.

  1. Andrew

    Andrew Guest

    Hello, friends,

    In our forms authentication asp.net app, I used
    FormsAuthentication.SetAuthCookie() to authenticate a new registered user
    like the follows:

    //...already create a new userID from our DB
    FormsAuthentication.SetAuthCookie(Request.Form["loginName"], true);

    Then I planned in Application_AuthenticateRequest() to assign roles to this
    new user using GenericPrincipal().

    However, although I set breakpoint, it did not stop. I thought that calling
    FormsAuthentication.SetAuthCookie() would trigger
    Application_AuthenticateRequest() event.

    So, at exactly what condition, an Application_AuthenticateRequest event will
    be fired?

    Thanks a lot.
     
    Andrew, Dec 23, 2005
    #1
    1. Advertisements

  2. hi,

    AuthenticateRequest gets fired on each request -

    if you want to add code there to get roles for the user do something like
    this:

    if (Context.Request.IsAuthenticated)
    {

    // get roles
    // create GenericPrincipal
    // set Context.User

    }

    after you call SetAuthCookie you need another roundtrip for this event to
    fire - e.g. a redirect to your main page etc...
     
    Dominick Baier [DevelopMentor], Dec 24, 2005
    #2
    1. Advertisements

  3. Andrew

    Andrew Guest

    AuthenticateRequest gets fired on each request

    Does that mean that: After a user is authenticated, every request from this
    user aftermath will raise Application_AuthenticateRequest event?

    Then, I think I just need to set role for this new user the first request
    form him/her, right? For the rest of his/her requests, how can I avoid to
    execute the following code again?

    if (Context.Request.IsAuthenticated)
    {

    // get roles
    // create GenericPrincipal
    // set Context.User

    }

    Thanks.


     
    Andrew, Dec 24, 2005
    #3
  4. Hi,

    you can't.

    The code has to execute on every request. You can do some optimizations by
    caching the roles, e.g. in the authentication ticket's userData field.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com
     
    Dominick Baier [DevelopMentor], Dec 24, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.