Occurs after the request has been authenticated.
Assembly: System.Web (in System.Web.dll)
You can access the DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.event of the
You can use the Context property of the DefaultAuthenticationEventArgs object in the DefaultAuthentication_OnAuthenticate event to set the User property of the current HttpContext instance to a custom IPrincipal object. If you do not specify a value for the User property, the DefaultAuthenticationModule sets the User property of the HttpContext instance to a GenericPrincipal object that contains no user information.
The DefaultAuthentication_OnAuthenticate event is raised after the AuthenticateRequest event and before the AuthorizeRequest event. If you have an section that depends on the user name to deny or allow access to your application, modifying the User property of the current HttpContext instance can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the section in your configuration.
If the Web application is running in IIS 7.0 in Integrated mode, the DefaultAuthenticationModule is not raised. If the mode attribute of the configuration element is set to "None" and the application subscribes to the event, a PlatformNotSupportedException error is raised. In this scenario, to receive authentication notification, subscribe to the AuthenticateRequest event of the HttpApplication instance. For more information about compatibility issues in Integrated mode, see Moving an ASP.NET Application from IIS 6.0 to IIS 7.0.event of the
The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext instance is null. If the User property is null, then the sample sets the User property of the current HttpContext instance to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default."
The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext instance to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users="?" /> in the configuration section to ensure that only authenticated users have access to your site, this sample will cause the element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users="default" /> to ensure that only authenticated users can access your site.
Available since 1.1