تحرير

DefaultAuthenticationModule.Authenticate Event

  • Reference

Definition

Namespace:
System.Web.Security
Assembly:
System.Web.dll

Occurs after the request has been authenticated.

public:
 event System::Web::Security::DefaultAuthenticationEventHandler ^ Authenticate;
public event System.Web.Security.DefaultAuthenticationEventHandler Authenticate;
member this.Authenticate : System.Web.Security.DefaultAuthenticationEventHandler 
Public Custom Event Authenticate As DefaultAuthenticationEventHandler

Event Type

DefaultAuthenticationEventHandler

Examples

The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext instance is null. If the User property is null, then the sample sets the User property of the current HttpContext instance to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default."

Note

The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext instance to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users="?" /> in the authorization configuration section to ensure that only authenticated users have access to your site, this sample will cause the deny element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users="default" /> to ensure that only authenticated users can access your site.

public void DefaultAuthentication_OnAuthenticate(object sender,
                                                 DefaultAuthenticationEventArgs args)
{
  if (args.Context.User == null)
    args.Context.User = 
      new System.Security.Principal.GenericPrincipal(
        new System.Security.Principal.GenericIdentity("default"),
        new String[0]);
}

Public Sub DefaultAuthentication_OnAuthenticate(sender As Object, _
                                                args As DefaultAuthenticationEventArgs)
  If args.Context.User Is Nothing Then
    args.Context.User = _
      new System.Security.Principal.GenericPrincipal( _
        new System.Security.Principal.GenericIdentity("default"), _
        new String(0) {})
  End If
End Sub

Remarks

The Authenticate event is raised after the AuthenticateRequest event. It is used to ensure that the User property of the current HttpContext instance is populated with an IPrincipal object.

You can access the Authenticate event of the DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.

You can use the Context property of the DefaultAuthenticationEventArgs object in the DefaultAuthentication_OnAuthenticate event to set the User property of the current HttpContext instance to a custom IPrincipal object. If you do not specify a value for the User property, the DefaultAuthenticationModule sets the User property of the HttpContext instance to a GenericPrincipal object that contains no user information.

The DefaultAuthentication_OnAuthenticate event is raised after the AuthenticateRequest event and before the AuthorizeRequest event. If you have an authorization section that depends on the user name to deny or allow access to your application, modifying the User property of the current HttpContext instance can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the authorization section in your configuration.

Note

If the Web application is running in IIS 7.0 in Integrated mode, the Authenticate event of the DefaultAuthenticationModule is not raised. If the mode attribute of the authentication configuration element is set to "None" and the application subscribes to the Authenticate event, a PlatformNotSupportedException error is raised. In this scenario, to receive authentication notification, subscribe to the AuthenticateRequest event of the HttpApplication instance. For more information about compatibility issues in Integrated mode, see Moving an ASP.NET Application from IIS 6.0 to IIS 7.0.

Applies to

See also