Q 1. To my understanding FormsAuthenticationModule
is subscribed to AuthenticateRequest
event, and thus only after this event is fired, is FormsAuthenticationModule
called. But the following quotes got me a bit confused:
The
AuthenticateRequest
event signals that the configured authentication mechanism has authenticated the current request.- Doesn’t the above quote suggest that when
AuthenticateRequest
event is raised, request (aka user) is already authenticated?
- Doesn’t the above quote suggest that when
Subscribing to the
AuthenticateRequest
event ensures that the request will be authenticated before processing the attached module or event handler.- As far as I understand this quote, if we subscribe to
AuthenticatedRequest
, then our event handler will be called prior toFormsAuthenticationModule
? ThusApplication_AuthenticateRequest()
will be called beforeFormsAuthenticationModule
is called?
- As far as I understand this quote, if we subscribe to
Q 2. Book I’m learning from suggests that within Application_AuthenticateRequest()
we are able to verify whether user is a member of specific role, and if not, we can add the user automatically:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated && Roles.Enabled)
{
//here we can subscribe user to a role via Roles.AddUserToRole()
}
}
Judging from the above code, Application_AuthenticateRequest()
is called after FormsAuthenticationModule
has been invoked, but somewhere else same book implies that Application_AuthenticateRequest()
is called prior to FormsAuthenticationModule
:
Application_AuthenticateRequest
is called just before authentication is performed. This is a jumping-off point for creating your own authentication logic.
What am I missing?
Thanx