asp.net.ph
Home  
Getting Started  
Skip Navigation Links
Web Forms  
Skip Navigation Links
Data Access  
Skip Navigation Links
Web Apps  
Skip Navigation Links
Web Basics  
Skip Navigation Links
Show Me   Search
Friday, January 10, 2025 

DefaultAuthenticationModule Class

System.Web.Security Namespace

Ensures that an Authentication object is present in the context. This class cannot be inherited.

DefaultAuthenticationModule Class Members

Collapse   Constructors

Visibility Constructor Parameters
public DefaultAuthenticationModule ( )

Collapse   Methods

Visibility Name Parameters Return Type
public Dispose ( ) Void
public Init ( HttpApplication app ) Void

Collapse   Events

Multicast Name Type
multicast Authenticate DefaultAuthenticationEventHandler

Remarks

The DefaultAuthenticationModule ensures that the User property of the current HttpContext is set to an IPrincipal object for each request. The DefaultAuthenticationModule examines the User property after the AuthenticateRequest event and before the AuthorizeRequest event. If the User property is a null reference ( Nothing in Visual Basic ), the DefaultAuthenticationModule sets the User property to a GenericPrincipal object that contains no user information.

If the authentication module sets the StatusCode property to 401, the DefaultAuthenticationModule will write out a special access-denied error page. If the value of the StatusCode property is set to a value greater than 200, the DefaultAuthenticationModule object will end the request, and only HTTP modules that subscribe to the EndRequest event will be called prior to the completion of the current request.

The DefaultAuthenticationModule exposes an Authenticate event that enables you to provide a custom IPrincipal object for the User property of the current HttpContext. The Authenticate event is accessed by specifying an event named DefaultAuthentication_OnAuthenticate in the Global.asax file for your ASP.NET application.

Example

The following code example uses the DefaultAuthentication_OnAuthenticate event to test whether the User property of the current HttpContext is a null reference ( Nothing in Visual Basic ) . If the User property is a null reference ( Nothing in Visual Basic ), then the sample sets the User property of the current HttpContext to a GenericPrincipal object where the Identity of the GenericPrincipal object is a GenericIdentity with a Name value of "default.".

NOTE: The DefaultAuthentication_OnAuthenticate event is raised before the AuthorizeRequest event. As a result, if you set the User property of the current HttpContext to a custom identity, it can affect the behavior of your application. For example, if you are using the FormsAuthentication class and you specify <deny users = "?" /> in the authorization configuration section to ensure that only authenticated users have access to your site, this sample will cause the deny element to be ignored, as the user will have a name, which is "default." Instead, you would specify <deny users = "default" /> to ensure that only authenticated users can access your site. 

public void DefaultAuthentication_OnAuthenticate ( object src, DefaultAuthenticationEventArgs args ) {
   if ( args.Context.User == null ) {
      args.Context.User = new System.Security.Principal.GenericPrincipal (
         new System.Security.Principal.GenericIdentity ( "default" ), new String [ 0 ] );
   }
}
  C# VB

See Also

ASP.NET Authentication Skip Navigation Links




Home
Suggested Reading

Previous page Back to top Next page

© 2000-2010 Rey Nuñez All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note

You can help support asp.net.ph