DefaultAuthenticationModule.Authenticate Event
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Occurs after the request has been authenticated.
public:
event System::Web::Security::DefaultAuthenticationEventHandler ^ Authenticate;
public event System.Web.Security.DefaultAuthenticationEventHandler Authenticate;
member this.Authenticate : System.Web.Security.DefaultAuthenticationEventHandler
Public Custom Event Authenticate As DefaultAuthenticationEventHandler
Event Type
Examples
The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext instance is null
. If the User property is null
, then the sample sets the User property of the current HttpContext instance to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default."
Note
The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext instance to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users="?" />
in the authorization configuration section to ensure that only authenticated users have access to your site, this sample will cause the deny element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users="default" />
to ensure that only authenticated users can access your site.
public void DefaultAuthentication_OnAuthenticate(object sender,
DefaultAuthenticationEventArgs args)
{
if (args.Context.User == null)
args.Context.User =
new System.Security.Principal.GenericPrincipal(
new System.Security.Principal.GenericIdentity("default"),
new String[0]);
}
Public Sub DefaultAuthentication_OnAuthenticate(sender As Object, _
args As DefaultAuthenticationEventArgs)
If args.Context.User Is Nothing Then
args.Context.User = _
new System.Security.Principal.GenericPrincipal( _
new System.Security.Principal.GenericIdentity("default"), _
new String(0) {})
End If
End Sub
Remarks
The Authenticate event is raised after the AuthenticateRequest event. It is used to ensure that the User property of the current HttpContext instance is populated with an IPrincipal object.
You can access the Authenticate event of the DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.
You can use the Context property of the DefaultAuthenticationEventArgs object in the DefaultAuthentication_OnAuthenticate event to set the User property of the current HttpContext instance to a custom IPrincipal object. If you do not specify a value for the User property, the DefaultAuthenticationModule sets the User property of the HttpContext instance to a GenericPrincipal object that contains no user information.
The DefaultAuthentication_OnAuthenticate event is raised after the AuthenticateRequest event and before the AuthorizeRequest event. If you have an authorization
section that depends on the user name to deny or allow access to your application, modifying the User property of the current HttpContext instance can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the authorization section in your configuration.
Note
If the Web application is running in IIS 7.0 in Integrated mode, the Authenticate event of the DefaultAuthenticationModule is not raised. If the mode
attribute of the authentication configuration element is set to "None" and the application subscribes to the Authenticate event, a PlatformNotSupportedException error is raised. In this scenario, to receive authentication notification, subscribe to the AuthenticateRequest event of the HttpApplication instance. For more information about compatibility issues in Integrated mode, see Moving an ASP.NET Application from IIS 6.0 to IIS 7.0.