SessionAuthenticationModule.OnAuthenticateRequest(Object, EventArgs) Method


Handles the AuthenticateRequest event from the ASP.NET pipeline.

 virtual void OnAuthenticateRequest(System::Object ^ sender, EventArgs ^ eventArgs);
protected virtual void OnAuthenticateRequest (object sender, EventArgs eventArgs);
abstract member OnAuthenticateRequest : obj * EventArgs -> unit
override this.OnAuthenticateRequest : obj * EventArgs -> unit
Protected Overridable Sub OnAuthenticateRequest (sender As Object, eventArgs As EventArgs)



The source for the event. This will be an HttpApplication object.


The data for the event.


There is not a valid session token handler configured. (There is no SessionSecurityTokenHandler configured in the SecurityTokenHandlers property.)


This method does the following:

  1. Invokes the TryReadSessionTokenFromCookie method to read a SessionSecurityToken from the session cookie, if one is present.

  2. If a session security token cannot be read (most likely because a session has not been established), return.

  3. Invokes the OnSessionSecurityTokenReceived method to raise the SessionSecurityTokenReceived event. This provides an opportunity for the token read from the cookie to be modified or for the request to be canceled. The handler can also specify that the token should be reissued, by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie property.

  4. If the token is to be reissued, removes it from the cache and invokes the OnSessionSecurityTokenCreated method to raise the SessionSecurityTokenCreated event. This provides opportunity for the token to again be modified. The reissue behavior can also be modified by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property in the event handler.

  5. Invokes the AuthenticateSessionSecurityToken method to authenticate the user. If successful, this has the effect of setting the Thread.CurrentPrincipal property to the principal that is contained in the SessionSecurityToken.ClaimsPrincipal property of the incoming token.

  6. If the session has expired, invokes the SignOut method.

The OnAuthenticateRequest method is added to the handlers for the HttpApplication.AuthenticateRequest event in the InitializeModule method.

Applies to