I am using .net 1.1

In the global.asax.cs file, there is this entry:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

as far as I know, it is wired with the

FormsAuthentication_OnAuthenticate event.

My question is, when does the event exactly fire? My testing shows, that it
fires with every request on an aspx file.. I thought it does it only, if you
want to access an aspx in a secured folder (secured by the web.config entry:
deny users=? as example.)

But that event fires everywhere, even in folders, that are completely open
(allow users=*).

Yes, this is the event in HttpRuntime's sequence of events that fire for
every request into ASP.NET. This step is the one that's supposed to determine
who the user is. If you'rte using Forms Authentication then there is code
that reads the cookie and determines the user and it sets the HttpContext.User
property based upon what's in the cookie. So yeah, this fires for every request
since you'd like to know who the user is upon every request :)

If the user is anonymous then the forms auth code has nothing to do. Now
the event that fire right after AuthenticateRequest is AuthorizeRequest and
this is where the <authorization> settings are enforced. So the prior step
identified the user, this next step see if that user is allowed to hit the
page they're requesting.

This URL talks about the other events that fire:

http://msdn2.microsoft.com/en-us/library/system.web.httpapplication.aspx

-Brock
DevelopMentor
http://staff.develop.com/ballen

Show quoteHide quote

Net runtime crash
Looping through a filtered GridView
Single Login Problem
converting a variable within a append document.forms string
Arghh!!!! Button Not Firing.
Losing data in a textbox on postback
PreRender event question
Access is denied: 'Interop.ADODB' error - almost ready to jump off the balcony!
Tags inside value field of appsettings in web.config
Run IISRESET in an asp.net page?