Export (0) Print
Expand All

DefaultAuthenticationModule Class

Ensures that an authentication object is present in the context. This class cannot be inherited.

System.Object
  System.Web.Security.DefaultAuthenticationModule

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public sealed class DefaultAuthenticationModule : IHttpModule

The DefaultAuthenticationModule type exposes the following members.

  NameDescription
Public methodDefaultAuthenticationModuleInitializes a new instance of the DefaultAuthenticationModule class.
Top

  NameDescription
Public methodDisposeReleases all resources, other than memory, used by the DefaultAuthenticationModule.
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodInitInitializes the DefaultAuthenticationModule object.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

  NameDescription
Public eventAuthenticateOccurs after the request has been authenticated.
Top

The DefaultAuthenticationModule ensures that the User property of the current HttpContext instance is set to an IPrincipal object for each request. The DefaultAuthenticationModule examines the User property after the AuthenticateRequest event and before the AuthorizeRequest event. If the User property is null, the DefaultAuthenticationModule sets the User property to a GenericPrincipal object that contains no user information.

If the authentication module sets the StatusCode property to 401, the DefaultAuthenticationModule will render an access-denied error page. If the value of the StatusCode property is set to a value greater than 200, the DefaultAuthenticationModule object will end the request. In that case, only HTTP modules that subscribe to the EndRequest event are called prior to the completion of the current request.

The DefaultAuthenticationModule exposes an Authenticate event. You can use this event to provide a custom IPrincipal object for the User property of the current HttpContext instance. The Authenticate event is accessed by specifying an event named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.

The following example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext instance is null. If the User property is null, then the sample sets the User property of the current HttpContext instance to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default."

NoteNote

The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext instance to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users="?" /> in the authorization configuration section to ensure that only authenticated users have access to your site, this sample will cause the deny element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users="default" /> to ensure that only authenticated users can access your site.

public void DefaultAuthentication_OnAuthenticate(object sender,
                                                 DefaultAuthenticationEventArgs args)
{
  if (args.Context.User == null)
    args.Context.User = 
      new System.Security.Principal.GenericPrincipal(
        new System.Security.Principal.GenericIdentity("default"),
        new String[0]);
}

.NET Framework

Supported in: 4.6, 4, 3.5, 3.0, 2.0, 1.1, 1.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft