DefaultAuthenticationModule.Authenticate Event

 

Occurs after the request has been authenticated.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public event DefaultAuthenticationEventHandler Authenticate

The Authenticate event is raised after the AuthenticateRequest event. It is used to ensure that the User property of the current HttpContext instance is populated with an IPrincipal object.

You can access the Authenticate event of the DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.

You can use the Context property of the DefaultAuthenticationEventArgs object in the DefaultAuthentication_OnAuthenticate event to set the User property of the current HttpContext instance to a custom IPrincipal object. If you do not specify a value for the User property, the DefaultAuthenticationModule sets the User property of the HttpContext instance to a GenericPrincipal object that contains no user information.

The DefaultAuthentication_OnAuthenticate event is raised after the AuthenticateRequest event and before the AuthorizeRequest event. If you have an section that depends on the user name to deny or allow access to your application, modifying the User property of the current HttpContext instance can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the section in your configuration.

System_CAPS_noteNote

If the Web application is running in IIS 7.0 in Integrated mode, the Authenticate event of the DefaultAuthenticationModule is not raised. If the mode attribute of the configuration element is set to "None" and the application subscribes to the Authenticate event, a PlatformNotSupportedException error is raised. In this scenario, to receive authentication notification, subscribe to the AuthenticateRequest event of the HttpApplication instance. For more information about compatibility issues in Integrated mode, see Moving an ASP.NET Application from IIS 6.0 to IIS 7.0.

The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext instance is null. If the User property is null, then the sample sets the User property of the current HttpContext instance to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default."

System_CAPS_noteNote

The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext instance to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users="?" /> in the configuration section to ensure that only authenticated users have access to your site, this sample will cause the element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users="default" /> to ensure that only authenticated users can access your site.

public void DefaultAuthentication_OnAuthenticate(object sender,
                                                 DefaultAuthenticationEventArgs args)
{
  if (args.Context.User == null)
    args.Context.User = 
      new System.Security.Principal.GenericPrincipal(
        new System.Security.Principal.GenericIdentity("default"),
        new String[0]);
}

.NET Framework
Available since 1.1
Return to top
Show: