Re: When exactly Application_AuthenticateRequest event is fired?

> AuthenticateRequest gets fired on each request

Does that mean that: After a user is authenticated, every request from this
user aftermath will raise Application_AuthenticateRequest event?

Then, I think I just need to set role for this new user the first request
form him/her, right? For the rest of his/her requests, how can I avoid to
execute the following code again?

if (Context.Request.IsAuthenticated)
{

// get roles
// create GenericPrincipal
// set Context.User

}

Thanks.


"Dominick Baier [DevelopMentor]" wrote:

> hi,
>
> AuthenticateRequest gets fired on each request -
>
> if you want to add code there to get roles for the user do something like
> this:
>
> if (Context.Request.IsAuthenticated)
> {
>
> // get roles
> // create GenericPrincipal
> // set Context.User
>
> }
>
> after you call SetAuthCookie you need another roundtrip for this event to
> fire - e.g. a redirect to your main page etc...
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hello, friends,
> >
> > In our forms authentication asp.net app, I used
> > FormsAuthentication.SetAuthCookie() to authenticate a new registered
> > user like the follows:
> >
> > //...already create a new userID from our DB
> > FormsAuthentication.SetAuthCookie(Request.Form["loginName"], true);
> > Then I planned in Application_AuthenticateRequest() to assign roles to
> > this new user using GenericPrincipal().
> >
> > However, although I set breakpoint, it did not stop. I thought that
> > calling FormsAuthentication.SetAuthCookie() would trigger
> > Application_AuthenticateRequest() event.
> >
> > So, at exactly what condition, an Application_AuthenticateRequest
> > event will be fired?
> >
> > Thanks a lot.
> >
>
>
>
.

Relevant Pages

  • Re: AuthenticateRequest Before or After User has been Authenticate
    ... Now a new request starts - for login.aspx - same eventing occurs - but login.aspx is handled differently - and requests are allowed regardless of authZ settings. ... if you handle AuthenticateRequest you can be sure the builtin Auth has already run - which means the user is either anonymous or a specific IPrincipal - if you handle AuthorizeRequest you can be sure that the user is authorized by the builtin AuthZ modules. ... Now change the handler in the module to catch the AuthorizeRequest ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Difference from Application_AuthenticateRequest and FormsAuthenticationTicket
    ... >From what I know, the ASP.NET checks the User AFTER the AuthenticateRequest, ... >> request until after the AuthenticateRequest has been processed. ... >>> i have some sample code which shows how to do it correctly: ... >>> Dominick Baier - DevelopMentor ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: AuthenticateRequest Before or After User has been Authenticated?
    ... The AuthenticateRequest event is always handled by the built in authentication module - and if you have not reordered the pipeline your code runs after the built-in one. ... The first request to an app and the redirect are anonymous request - thats why you have to check that. ... then set a handler for the AuthenticateRequest event, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Is This OT - U BET IT IS - BUT IT IS SO SUPPERIOR TO THE GARBAGE THAT HAS BEEN POSTED TO THI
    ... The Day the Penis asked for a Raise ... I, the Penis, hereby request a raise in salary for the following reasons: ...
    (rec.radio.amateur.policy)
  • Re: Problem with attachments
    ... i have not made progress, so I 'll raise the request in ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)