SessionAuthenticationModule.OnAuthenticateRequest Method

.NET Framework 4.5

Handles the HttpApplication.AuthenticateRequest event from the ASP.NET pipeline.

Namespace:  System.IdentityModel.Services
Assembly:  System.IdentityModel.Services (in System.IdentityModel.Services.dll)

protected virtual void OnAuthenticateRequest(
	Object sender,
	EventArgs eventArgs
)

Parameters

sender
Type: System.Object

The source for the event. This will be an HttpApplication object.

eventArgs
Type: System.EventArgs

The data for the event.

ExceptionCondition
InvalidOperationException

There is not a valid session token handler configured. (There is no SessionSecurityTokenHandler configured in the SecurityTokenHandlers property.)

This method does the following:

  1. Invokes the TryReadSessionTokenFromCookie method to read a SessionSecurityToken from the session cookie, if one is present.

  2. If a session security token cannot be read (most likely because a session has not been established), return.

  3. Invokes the OnSessionSecurityTokenReceived method to raise the SessionSecurityTokenReceived event. This provides an opportunity for the token read from the cookie to be modified or for the request to be canceled. The handler can also specify that the token should be reissued, by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie property.

  4. If the token is to be reissued, removes it from the cache and invokes the OnSessionSecurityTokenCreated method to raise the SessionSecurityTokenCreated event. This provides opportunity for the token to again be modified. The reissue behavior can also be modified by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property in the event handler.

  5. Invokes the AuthenticateSessionSecurityToken method to authenticate the user. If successful, this has the effect of setting the Thread.CurrentPrincipal property to the principal that is contained in the SessionSecurityToken.ClaimsPrincipal property of the incoming token.

  6. If the session has expired, invokes the SignOut method.

The OnAuthenticateRequest method is added to the handlers for the HttpApplication.AuthenticateRequest event in the InitializeModule method.

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft