Re: When exactly Application_AuthenticateRequest event is fired?

Hi, 

you can't.

The code has to execute on every request. You can do some optimizations by caching the roles, e.g. in the authentication ticket's userData field.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

AuthenticateRequest gets fired on each request

Does that mean that: After a user is authenticated, every request from
this user aftermath will raise Application_AuthenticateRequest event?

Then, I think I just need to set role for this new user the first
request form him/her, right? For the rest of his/her requests, how can
I avoid to execute the following code again?

if (Context.Request.IsAuthenticated)
{
// get roles
// create GenericPrincipal
// set Context.User
}

Thanks.

"Dominick Baier [DevelopMentor]" wrote:

hi,

AuthenticateRequest gets fired on each request -

if you want to add code there to get roles for the user do something
like this:

if (Context.Request.IsAuthenticated)
{
// get roles
// create GenericPrincipal
// set Context.User
}

after you call SetAuthCookie you need another roundtrip for this
event to fire - e.g. a redirect to your main page etc...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hello, friends,

In our forms authentication asp.net app, I used
FormsAuthentication.SetAuthCookie() to authenticate a new registered
user like the follows:

//...already create a new userID from our DB
FormsAuthentication.SetAuthCookie(Request.Form["loginName"], true);
Then I planned in Application_AuthenticateRequest() to assign roles
to this new user using GenericPrincipal().

However, although I set breakpoint, it did not stop. I thought that
calling FormsAuthentication.SetAuthCookie() would trigger
Application_AuthenticateRequest() event.

So, at exactly what condition, an Application_AuthenticateRequest
event will be fired?

Thanks a lot.



.

Relevant Pages

  • Re: How to bypass Forms Authentication on selected pages programma
    ... The authenticate request event fires for every request ... Dominick Baier ... "Joe Kaplan" wrote: ... runs after authentication but before authorization) check the ...
    (microsoft.public.dotnet.security)
  • Re: How to get a simple CGI app to work in IIS 6.0
    ... Are you saying that you can make an HTTP request to ... If it is only Windows Integrated Authentication and you have ... but somehow my simple "hello world" cgi app does not execute. ...
    (microsoft.public.inetserver.iis.security)
  • Re: HTTP - basic authentication example.
    ... or *never* knowing the realm..) ... This is called authentication and is implemented ... requests a web page it sends a request to the server. ... consists of headers with certain information about the request. ...
    (comp.lang.python)
  • Re: Each HTTP object being requested twice (401 then 200 responses)
    ... Authentication" and the web.config authentication setting is ... Authorized because the request was made anonymously. ... requests the same object a second time it uses kerberos; ... Kerberos tokens should not be regenerated for every request. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Each HTTP object being requested twice (401 then 200 responses)
    ... Authentication" and the web.config authentication setting is ... Authorized because the request was made anonymously. ... requests the same object a second time it uses kerberos; ... Kerberos tokens should not be regenerated for every request. ...
    (microsoft.public.inetserver.iis.security)