System.Web.Security Namespace
Represents the method that handles the Authenticate event of a DefaultAuthenticationModule.
[ VB ]
Public Delegate Sub DefaultAuthenticationEventHandler ( _
sender As Object, _
e As DefaultAuthenticationEventArgs _
)
[ C# ]
Public delegate void DefaultAuthenticationEventHandler (
object sender,
DefaultAuthenticationEventArgs e
);
[ C++ ]
Public __gc __delegate void DefaultAuthenticationEventHandler (
Object* sender,
DefaultAuthenticationEventArgs* e
);
In [ JScript ], you can use the delegates in the .NET Framework, but you cannot define your own.
The declaration of your event handler must have the same parameters as the DefaultAuthenticationEventHandler delegate declaration.
- sender
- The object that raised the event.
- e
- A DefaultAuthenticationEventArgs object that contains the event data.
The DefaultAuthenticationEventHandler delegate is defined for the Authenticate event of the DefaultAuthenticationModule class.
You can handle the Authenticate event of the DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the Global.asax file for your ASP.NET application. The Authenticate event is raised after the AuthenticateRequest event and is used to ensure that the User property of the current HttpContext is populated with an IPrincipal object.
You can use the Context property of the DefaultAuthenticationEventArgs object supplied to the DefaultAuthentication_OnAuthenticate event to set the User property of the current HttpContext to a custom IPrincipal object.
If you do not specify a value for the User property of the HttpContext supplied during the DefaultAuthentication_OnAuthenticate event, the DefaultAuthenticationModule sets the User property of the HttpContext to a GenericPrincipal object that contains no user information.
The DefaultAuthentication_OnAuthenticate event is raised after the AuthenticateRequest event and before the AuthorizeRequest event. If you have an authorization section that depends on the user name to deny or allow access to your application, modifying the User property of the current HttpContext can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the authorization section in your configuration.
The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext is a null reference ( Nothing in Visual Basic ) . If the property is a null reference ( Nothing in Visual Basic ), the sample sets the User property of the current HttpContext to a GenericPrincipal object, where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default".
NOTE: The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you are ensuring that only authenticated users have access to your site, by using the authorization section and specifying <deny users = "?" />, this sample will cause the deny element to be ignored, as the user will have a name, which is "default". Instead you would specify <deny users = "default" /> to ensure that only authenticated users can access your site.
public void DefaultAuthentication_OnAuthenticate ( object src, DefaultAuthenticationEventArgs args ) {
if ( args.Context.User == null ) {
args.Context.User = new System.Security.Principal.GenericPrincipal (
new System.Security.Principal.GenericIdentity ( "default" ), new String [ 0 ] );
}
}
Public Sub DefaultAuthentication_OnAuthenticate ( src As Object, args As DefaultAuthenticationEventArgs )
If args.Context.User Is Nothing Then
args.Context.User = new System.Security.Principal.GenericPrincipal ( _
new System.Security.Principal.GenericIdentity ( "default" ), new String ( 0 ) { } )
End If
End Sub |
| |
C# |
VB |
DefaultAuthenticationModule Class DefaultAuthenticationEventArgs Class
