Handles the HttpApplication.AuthenticateRequest event from the ASP.NET pipeline.
Assembly: System.IdentityModel.Services (in System.IdentityModel.Services.dll)
This method does the following:
If a session security token cannot be read (most likely because a session has not been established), return.
Invokes the OnSessionSecurityTokenReceived method to raise the SessionSecurityTokenReceived event. This provides an opportunity for the token read from the cookie to be modified or for the request to be canceled. The handler can also specify that the token should be reissued, by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie property.
If the token is to be reissued, removes it from the cache and invokes the OnSessionSecurityTokenCreated method to raise the SessionSecurityTokenCreated event. This provides opportunity for the token to again be modified. The reissue behavior can also be modified by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property in the event handler.
Invokes the AuthenticateSessionSecurityToken method to authenticate the user. If successful, this has the effect of setting the Thread.CurrentPrincipal property to the principal that is contained in the SessionSecurityToken.ClaimsPrincipal property of the incoming token.
If the session has expired, invokes the SignOut method.