DefaultAuthenticationModule.Authenticate Event
Occurs after the request has been authenticated.
Assembly: System.Web (in System.Web.dll)
The Authenticate event is raised after the AuthenticateRequest event. It is used to ensure that the User property of the current HttpContext instance is populated with an IPrincipal object.
You can access the Authenticate event of the DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.
You can use the Context property of the DefaultAuthenticationEventArgs object in the DefaultAuthentication_OnAuthenticate event to set the User property of the current HttpContext instance to a custom IPrincipal object. If you do not specify a value for the User property, the DefaultAuthenticationModule sets the User property of the HttpContext instance to a GenericPrincipal object that contains no user information.
The DefaultAuthentication_OnAuthenticate event is raised after the AuthenticateRequest event and before the AuthorizeRequest event. If you have an authorization section that depends on the user name to deny or allow access to your application, modifying the User property of the current HttpContext instance can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the authorization section in your configuration.
Note |
|---|
If the Web application is running in IIS 7.0 in Integrated mode, the Authenticate event of the DefaultAuthenticationModule is not raised. If the mode attribute of the authentication configuration element is set to "None" and the application subscribes to the Authenticate event, a PlatformNotSupportedException error is raised. In this scenario, to receive authentication notification, subscribe to the AuthenticateRequest event of the HttpApplication instance. For more information about compatibility issues in Integrated mode, see Moving an ASP.NET Application from IIS 6.0 to IIS 7.0. |
The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext instance is Nothing. If the User property is Nothing, then the sample sets the User property of the current HttpContext instance to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default."
Note |
|---|
The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext instance to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users="?" /> in the authorization configuration section to ensure that only authenticated users have access to your site, this sample will cause the deny element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users="default" /> to ensure that only authenticated users can access your site. |
Public Sub DefaultAuthentication_OnAuthenticate(sender As Object, _ args As DefaultAuthenticationEventArgs) If args.Context.User Is Nothing Then args.Context.User = _ new System.Security.Principal.GenericPrincipal( _ new System.Security.Principal.GenericIdentity("default"), _ new String(0) {}) End If End Sub
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Note