Yes, this is the event in HttpRuntime's sequence of events that fire for
every request into ASP.NET. This step is the one that's supposed to determine
who the user is. If you'rte using Forms Authentication then there is code
that reads the cookie and determines the user and it sets the HttpContext.User
property based upon what's in the cookie. So yeah, this fires for every request
since you'd like to know who the user is upon every request :)
If the user is anonymous then the forms auth code has nothing to do. Now
the event that fire right after AuthenticateRequest is AuthorizeRequest and
this is where the <authorization> settings are enforced. So the prior step
identified the user, this next step see if that user is allowed to hit the
page they're requesting.
This URL talks about the other events that fire:
http://msdn2.microsoft.com/en-us/lib...plication.aspx
-Brock
DevelopMentor
http://staff.develop.com/ballen I am using .net 1.1
In the global.asax.cs file, there is this entry:
protected void Application_AuthenticateRequest(Object sender,
EventArgs e)
as far as I know, it is wired with the
FormsAuthentication_OnAuthenticate event.
My question is, when does the event exactly fire? My testing shows,
that it fires with every request on an aspx file.. I thought it does
it only, if you want to access an aspx in a secured folder (secured by
the web.config entry: deny users=? as example.)
But that event fires everywhere, even in folders, that are completely
open (allow users=*).