-
Notifications
You must be signed in to change notification settings - Fork 1.5k
/
DefaultAuthenticationModule.xml
209 lines (181 loc) · 18.2 KB
/
DefaultAuthenticationModule.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
<Type Name="DefaultAuthenticationModule" FullName="System.Web.Security.DefaultAuthenticationModule">
<TypeSignature Language="C#" Value="public sealed class DefaultAuthenticationModule : System.Web.IHttpModule" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed beforefieldinit DefaultAuthenticationModule extends System.Object implements class System.Web.IHttpModule" />
<TypeSignature Language="DocId" Value="T:System.Web.Security.DefaultAuthenticationModule" />
<TypeSignature Language="VB.NET" Value="Public NotInheritable Class DefaultAuthenticationModule
Implements IHttpModule" />
<TypeSignature Language="F#" Value="type DefaultAuthenticationModule = class
 interface IHttpModule" />
<TypeSignature Language="C++ CLI" Value="public ref class DefaultAuthenticationModule sealed : System::Web::IHttpModule" />
<AssemblyInfo>
<AssemblyName>System.Web</AssemblyName>
<AssemblyVersion>1.0.5000.0</AssemblyVersion>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Object</BaseTypeName>
</Base>
<Interfaces>
<Interface>
<InterfaceName>System.Web.IHttpModule</InterfaceName>
</Interface>
</Interfaces>
<Docs>
<summary>Ensures that an authentication object is present in the context. This class cannot be inherited.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Web.Security.DefaultAuthenticationModule> ensures that the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance is set to an <xref:System.Security.Principal.IPrincipal> object for each request. The <xref:System.Web.Security.DefaultAuthenticationModule> examines the <xref:System.Web.HttpContext.User%2A> property after the <xref:System.Web.HttpApplication.AuthenticateRequest> event and before the <xref:System.Web.HttpApplication.AuthorizeRequest> event. If the <xref:System.Web.HttpContext.User%2A> property is `null`, the <xref:System.Web.Security.DefaultAuthenticationModule> sets the <xref:System.Web.HttpContext.User%2A> property to a <xref:System.Security.Principal.GenericPrincipal> object that contains no user information.
If the authentication module sets the <xref:System.Web.HttpResponse.StatusCode%2A> property to 401, the <xref:System.Web.Security.DefaultAuthenticationModule> will render an access-denied error page. If the value of the <xref:System.Web.HttpResponse.StatusCode%2A> property is set to a value greater than 200, the <xref:System.Web.Security.DefaultAuthenticationModule> object will end the request. In that case, only HTTP modules that subscribe to the <xref:System.Web.HttpApplication.EndRequest> event are called prior to the completion of the current request.
The <xref:System.Web.Security.DefaultAuthenticationModule> exposes an <xref:System.Web.Security.DefaultAuthenticationModule.Authenticate> event. You can use this event to provide a custom <xref:System.Security.Principal.IPrincipal> object for the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance. The <xref:System.Web.Security.WindowsAuthenticationModule.Authenticate> event is accessed by specifying an event named **DefaultAuthentication_OnAuthenticate** in the application's Global.asax file.
## Examples
The following example uses the **DefaultAuthentication_OnAuthenticate** event to test whether the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance is `null`. If the <xref:System.Web.HttpContext.User%2A> property is `null`, then the sample sets the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance to a <xref:System.Security.Principal.GenericPrincipal> object where the <xref:System.Security.Principal.GenericPrincipal.Identity%2A> of the <xref:System.Security.Principal.GenericPrincipal> object is a <xref:System.Security.Principal.GenericIdentity> with a <xref:System.Security.Principal.GenericIdentity.Name%2A> value of "default."
> [!NOTE]
> The **DefaultAuthentication_OnAuthenticate** event is raised before the <xref:System.Web.HttpApplication.AuthorizeRequest> event. As a result, if you set the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance to a custom identity, it can affect the behavior of your application. For example, if you are using the <xref:System.Web.Security.FormsAuthentication> class and you specify `<deny users="?" />` in the [authorization](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/8d82143t(v%3dvs.100)) configuration section to ensure that only authenticated users have access to your site, this sample will cause the [deny](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/8aeskccd(v%3dvs.100)) element to be ignored, as the user will have a name, which is "default." Instead, you would specify `<deny users="default" />` to ensure that only authenticated users can access your site.
[!code-csharp[System.Web.Security.DefaultAuthenticationModule#1](~/snippets/csharp/VS_Snippets_WebNet/System.Web.Security.DefaultAuthenticationModule/CS/global.asax#1)]
[!code-vb[System.Web.Security.DefaultAuthenticationModule#1](~/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Security.DefaultAuthenticationModule/VB/global.asax#1)]
]]></format>
</remarks>
<related type="Article" href="https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)">ASP.NET Authentication</related>
</Docs>
<Members>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public DefaultAuthenticationModule ();" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor() cil managed" />
<MemberSignature Language="DocId" Value="M:System.Web.Security.DefaultAuthenticationModule.#ctor" />
<MemberSignature Language="VB.NET" Value="Public Sub New ()" />
<MemberSignature Language="C++ CLI" Value="public:
 DefaultAuthenticationModule();" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Web</AssemblyName>
<AssemblyVersion>1.0.5000.0</AssemblyVersion>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute FrameworkAlternate="netframework-4.0">
<AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")>]</AttributeName>
</Attribute>
</Attributes>
<Parameters />
<Docs>
<summary>Initializes a new instance of the <see cref="T:System.Web.Security.DefaultAuthenticationModule" /> class.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
This constructor is not intended to be called from application code.
ASP.NET calls this constructor to create an instance of the <xref:System.Web.Security.DefaultAuthenticationModule> class. After calling the constructor, it calls the <xref:System.Web.Security.DefaultAuthenticationModule.Init%2A> method to initialize the new <xref:System.Web.Security.DefaultAuthenticationModule> object.
]]></format>
</remarks>
<related type="Article" href="https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)">ASP.NET Authentication</related>
</Docs>
</Member>
<Member MemberName="Authenticate">
<MemberSignature Language="C#" Value="public event System.Web.Security.DefaultAuthenticationEventHandler Authenticate;" />
<MemberSignature Language="ILAsm" Value=".event class System.Web.Security.DefaultAuthenticationEventHandler Authenticate" />
<MemberSignature Language="DocId" Value="E:System.Web.Security.DefaultAuthenticationModule.Authenticate" />
<MemberSignature Language="VB.NET" Value="Public Custom Event Authenticate As DefaultAuthenticationEventHandler " />
<MemberSignature Language="F#" Value="member this.Authenticate : System.Web.Security.DefaultAuthenticationEventHandler " Usage="member this.Authenticate : System.Web.Security.DefaultAuthenticationEventHandler " />
<MemberSignature Language="C++ CLI" Value="public:
 event System::Web::Security::DefaultAuthenticationEventHandler ^ Authenticate;" />
<MemberType>Event</MemberType>
<AssemblyInfo>
<AssemblyName>System.Web</AssemblyName>
<AssemblyVersion>1.0.5000.0</AssemblyVersion>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Web.Security.DefaultAuthenticationEventHandler</ReturnType>
</ReturnValue>
<Docs>
<summary>Occurs after the request has been authenticated.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Web.Security.DefaultAuthenticationModule.Authenticate> event is raised after the <xref:System.Web.HttpApplication.AuthenticateRequest> event. It is used to ensure that the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance is populated with an <xref:System.Security.Principal.IPrincipal> object.
You can access the <xref:System.Web.Security.DefaultAuthenticationModule.Authenticate> event of the <xref:System.Web.Security.DefaultAuthenticationModule> class by specifying a subroutine named **DefaultAuthentication_OnAuthenticate** in the application's Global.asax file.
You can use the <xref:System.Web.Security.DefaultAuthenticationEventArgs.Context%2A> property of the <xref:System.Web.Security.DefaultAuthenticationEventArgs> object in the **DefaultAuthentication_OnAuthenticate** event to set the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance to a custom <xref:System.Security.Principal.IPrincipal> object. If you do not specify a value for the <xref:System.Web.HttpContext.User%2A> property, the <xref:System.Web.Security.DefaultAuthenticationModule> sets the <xref:System.Web.HttpContext.User%2A> property of the <xref:System.Web.HttpContext> instance to a <xref:System.Security.Principal.GenericPrincipal> object that contains no user information.
The **DefaultAuthentication_OnAuthenticate** event is raised after the <xref:System.Web.HttpApplication.AuthenticateRequest> event and before the <xref:System.Web.HttpApplication.AuthorizeRequest> event. If you have an `authorization` section that depends on the user name to deny or allow access to your application, modifying the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance can affect the behavior of your application. Be sure that the user name you set during the **DefaultAuthentication_OnAuthenticate** event is considered when you specify the [authorization](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/8d82143t(v%3dvs.100)) section in your configuration.
> [!NOTE]
> If the Web application is running in IIS 7.0 in Integrated mode, the <xref:System.Web.Security.DefaultAuthenticationModule.Authenticate> event of the <xref:System.Web.Security.DefaultAuthenticationModule> is not raised. If the `mode` attribute of the [authentication](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/532aee0e(v%3dvs.100)) configuration element is set to "None" and the application subscribes to the <xref:System.Web.Security.DefaultAuthenticationModule.Authenticate> event, a <xref:System.PlatformNotSupportedException> error is raised. In this scenario, to receive authentication notification, subscribe to the <xref:System.Web.HttpApplication.AuthenticateRequest> event of the <xref:System.Web.HttpApplication> instance. For more information about compatibility issues in Integrated mode, see [Moving an ASP.NET Application from IIS 6.0 to IIS 7.0](https://msdn.microsoft.com/library/76f9cc78-f978-4837-b1c8-51d642ec4847).
## Examples
The following code example uses the **DefaultAuthentication_OnAuthenticate** event to test whether the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance is `null`. If the <xref:System.Web.HttpContext.User%2A> property is `null`, then the sample sets the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance to a <xref:System.Security.Principal.GenericPrincipal> object where the <xref:System.Security.Principal.GenericPrincipal.Identity%2A> of the <xref:System.Security.Principal.GenericPrincipal> object is a <xref:System.Security.Principal.GenericIdentity> with a <xref:System.Security.Principal.GenericIdentity.Name%2A> value of "default."
> [!NOTE]
> The **DefaultAuthentication_OnAuthenticate** event is raised before the <xref:System.Web.HttpApplication.AuthorizeRequest> event. As a result, if you set the <xref:System.Web.HttpContext.User%2A> property of the current <xref:System.Web.HttpContext> instance to a custom identity, it can affect the behavior of your application. For example, if you are using the <xref:System.Web.Security.FormsAuthentication> class and you specify `<deny users="?" />` in the [authorization](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/8d82143t(v%3dvs.100)) configuration section to ensure that only authenticated users have access to your site, this sample will cause the [deny](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/8aeskccd(v%3dvs.100)) element to be ignored, as the user will have a name, which is "default." Instead, you would specify `<deny users="default" />` to ensure that only authenticated users can access your site.
[!code-csharp[System.Web.Security.DefaultAuthenticationModule#1](~/snippets/csharp/VS_Snippets_WebNet/System.Web.Security.DefaultAuthenticationModule/CS/global.asax#1)]
[!code-vb[System.Web.Security.DefaultAuthenticationModule#1](~/snippets/visualbasic/VS_Snippets_WebNet/System.Web.Security.DefaultAuthenticationModule/VB/global.asax#1)]
]]></format>
</remarks>
<related type="Article" href="https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)">ASP.NET Authentication</related>
</Docs>
</Member>
<Member MemberName="Dispose">
<MemberSignature Language="C#" Value="public void Dispose ();" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void Dispose() cil managed" />
<MemberSignature Language="DocId" Value="M:System.Web.Security.DefaultAuthenticationModule.Dispose" />
<MemberSignature Language="VB.NET" Value="Public Sub Dispose ()" />
<MemberSignature Language="F#" Value="abstract member Dispose : unit -> unit
override this.Dispose : unit -> unit" Usage="defaultAuthenticationModule.Dispose " />
<MemberSignature Language="C++ CLI" Value="public:
 virtual void Dispose();" />
<MemberType>Method</MemberType>
<Implements>
<InterfaceMember>M:System.Web.IHttpModule.Dispose</InterfaceMember>
</Implements>
<AssemblyInfo>
<AssemblyName>System.Web</AssemblyName>
<AssemblyVersion>1.0.5000.0</AssemblyVersion>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters />
<Docs>
<summary>Releases all resources, other than memory, used by the <see cref="T:System.Web.Security.DefaultAuthenticationModule" />.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
This method is not intended to be called from application code.
]]></format>
</remarks>
<related type="Article" href="https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)">ASP.NET Authentication</related>
</Docs>
</Member>
<Member MemberName="Init">
<MemberSignature Language="C#" Value="public void Init (System.Web.HttpApplication app);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void Init(class System.Web.HttpApplication app) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Web.Security.DefaultAuthenticationModule.Init(System.Web.HttpApplication)" />
<MemberSignature Language="VB.NET" Value="Public Sub Init (app As HttpApplication)" />
<MemberSignature Language="F#" Value="abstract member Init : System.Web.HttpApplication -> unit
override this.Init : System.Web.HttpApplication -> unit" Usage="defaultAuthenticationModule.Init app" />
<MemberSignature Language="C++ CLI" Value="public:
 virtual void Init(System::Web::HttpApplication ^ app);" />
<MemberType>Method</MemberType>
<Implements>
<InterfaceMember>M:System.Web.IHttpModule.Init(System.Web.HttpApplication)</InterfaceMember>
</Implements>
<AssemblyInfo>
<AssemblyName>System.Web</AssemblyName>
<AssemblyVersion>1.0.5000.0</AssemblyVersion>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="app" Type="System.Web.HttpApplication" />
</Parameters>
<Docs>
<param name="app">The current <see cref="T:System.Web.HttpApplication" /> instance.</param>
<summary>Initializes the <see cref="T:System.Web.Security.DefaultAuthenticationModule" /> object.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
This method is not intended to be called from application code.
The <xref:System.Web.Security.DefaultAuthenticationModule.Init%2A> method ensures that the <xref:System.Web.Security.DefaultAuthenticationModule> is included in the processing of events.
]]></format>
</remarks>
<related type="Article" href="https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)">ASP.NET Authentication</related>
</Docs>
</Member>
</Members>
</Type>