SessionAuthenticationModule.OnAuthenticateRequest(Object, EventArgs) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Handles the AuthenticateRequest event from the ASP.NET pipeline.
protected:
virtual void OnAuthenticateRequest(System::Object ^ sender, EventArgs ^ eventArgs);protected virtual void OnAuthenticateRequest (object sender, EventArgs eventArgs);abstract member OnAuthenticateRequest : obj * EventArgs -> unit
override this.OnAuthenticateRequest : obj * EventArgs -> unitProtected Overridable Sub OnAuthenticateRequest (sender As Object, eventArgs As EventArgs)Parameters
- sender
- Object
The source for the event. This will be an HttpApplication object.
- eventArgs
- EventArgs
The data for the event.
Exceptions
There is not a valid session token handler configured. (There is no SessionSecurityTokenHandler configured in the SecurityTokenHandlers property.)
Remarks
This method does the following:
Invokes the TryReadSessionTokenFromCookie method to read a SessionSecurityToken from the session cookie, if one is present.
If a session security token cannot be read (most likely because a session has not been established), return.
Invokes the OnSessionSecurityTokenReceived method to raise the SessionSecurityTokenReceived event. This provides an opportunity for the token read from the cookie to be modified or for the request to be canceled. The handler can also specify that the token should be reissued, by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie property.
If the token is to be reissued, removes it from the cache and invokes the OnSessionSecurityTokenCreated method to raise the SessionSecurityTokenCreated event. This provides opportunity for the token to again be modified. The reissue behavior can also be modified by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property in the event handler.
Invokes the AuthenticateSessionSecurityToken method to authenticate the user. If successful, this has the effect of setting the Thread.CurrentPrincipal property to the principal that is contained in the SessionSecurityToken.ClaimsPrincipal property of the incoming token.
If the session has expired, invokes the SignOut method.
The OnAuthenticateRequest method is added to the handlers for the HttpApplication.AuthenticateRequest event in the InitializeModule method.
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for