C# AuthenticateRequest 事件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/875472/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AuthenticateRequest event
提问by SourceC
Q 1. To my understanding FormsAuthenticationModuleis subscribed to AuthenticateRequestevent, and thus only after this event is fired, is FormsAuthenticationModulecalled. But the following quotes got me a bit confused:
Q 1.据我所知FormsAuthenticationModule是订阅AuthenticateRequest事件,因此只有在触发此事件后才会FormsAuthenticationModule调用。但以下引述让我有点困惑:
The
AuthenticateRequestevent signals that the configured authentication mechanism has authenticated the current request.- Doesn't the above quote suggest that when
AuthenticateRequestevent is raised, request (aka user) is already authenticated?
- Doesn't the above quote suggest that when
Subscribing to the
AuthenticateRequestevent ensures that the request will be authenticated before processing the attached module or event handler.- As far as I understand this quote, if we subscribe to
AuthenticatedRequest, then our event handler will be called prior toFormsAuthenticationModule? ThusApplication_AuthenticateRequest()will be called beforeFormsAuthenticationModuleis called?
- As far as I understand this quote, if we subscribe to
该
AuthenticateRequest事件表示已配置的身份验证机制已对当前请求进行了身份验证。- 上面的引用不是表明当
AuthenticateRequest事件发生时,请求(又名用户)已经过身份验证了吗?
- 上面的引用不是表明当
订阅
AuthenticateRequest事件可确保在处理附加模块或事件处理程序之前对请求进行身份验证。- 据我了解这句话,如果我们订阅
AuthenticatedRequest,那么我们的事件处理程序将在FormsAuthenticationModule? 这样Application_AuthenticateRequest()会在被调用之前FormsAuthenticationModule被调用吗?
- 据我了解这句话,如果我们订阅
Q 2. Book I'm learning from suggests that within Application_AuthenticateRequest()we are able to verify whether user is a member of specific role, and if not, we can add the user automatically:
Q 2. Book I'm learning from 建议Application_AuthenticateRequest()我们可以验证用户是否是特定角色的成员,如果不是,我们可以自动添加用户:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated && Roles.Enabled)
{
//here we can subscribe user to a role via Roles.AddUserToRole()
}
}
Judging from the above code, Application_AuthenticateRequest()is called after FormsAuthenticationModulehas been invoked, but somewhere else same book implies that Application_AuthenticateRequest()is called prior to FormsAuthenticationModule:
从上面的代码来看,在Application_AuthenticateRequest()被调用之后FormsAuthenticationModule被调用,但在同一本书的其他地方暗示Application_AuthenticateRequest()在之前被调用FormsAuthenticationModule:
Application_AuthenticateRequestis called just before authentication is performed. This is a jumping-off point for creating your own authentication logic.
Application_AuthenticateRequest在执行身份验证之前调用。这是创建您自己的身份验证逻辑的起点。
What am I missing?
我错过了什么?
Thanx
谢谢
采纳答案by bbmud
It seems that the FormsAuthenticationModule gets handled first. This module is normally earlier than any custom module in the ASP.NET pipeline, so when AuthenticateRequest is fired, FormsAuthenticationModule will get called first, do its job and then your module's event handler will be called.
似乎首先处理 FormsAuthenticationModule 。该模块通常早于 ASP.NET 管道中的任何自定义模块,因此当 AuthenticateRequest 被触发时,FormsAuthenticationModule 将首先被调用,完成其工作,然后将调用您模块的事件处理程序。
If you really want to dig deep into this, I suggest trying to debug the ASP.NET code yourself. Here is a post how to set up your VS:
如果您真的想深入研究这一点,我建议您尝试自己调试 ASP.NET 代码。这是一篇关于如何设置 VS 的帖子:
EDIT: I was able to confirm this behavior by setting up a web project with custom module and event handlers in Global.asax. Take a look at the source code of HttpApplication.InitInternal, the order of initialization is as follows:
编辑:我能够通过在 Global.asax 中设置具有自定义模块和事件处理程序的 Web 项目来确认此行为。看一下HttpApplication.InitInternal的源码,初始化的顺序如下:
- initialization of integrated modules: FormsAuthenticationModule hooks up to HttpApplication.AuthenticateRequest event
- initialization of custom modules: custom module hooks up to HttpApplication.AuthenticateRequest event
- initialization of Global class (global.asax): here we hook up to the AuthenticateRequest event
- HttpApplication.InitInternal searches for methods on Global class following the specific name pattern (e.g. Application_AuthenticateRequest), matches them to event and hooks up
- 集成模块的初始化:FormsAuthenticationModule 挂接到 HttpApplication.AuthenticateRequest 事件
- 自定义模块的初始化:自定义模块挂接到 HttpApplication.AuthenticateRequest 事件
- 全局类(global.asax)的初始化:这里我们连接到 AuthenticateRequest 事件
- HttpApplication.InitInternal 按照特定的名称模式(例如 Application_AuthenticateRequest)在全局类上搜索方法,将它们与事件匹配并连接
After the initialization, when the AuthenticateRequest fires, the event handlers are called in the order they where initialized, so:
初始化后,当 AuthenticateRequest 触发时,事件处理程序将按照它们初始化的顺序调用,因此:
- FormsAuthenticationModule.AuthenticateRequest event handler
- CustomModule.AuthenticateRequest event handler
- Global.AuthenticateRequest event handler
- Global.Application_AuthenticateRequest method
- FormsAuthenticationModule.AuthenticateRequest 事件处理程序
- CustomModule.AuthenticateRequest 事件处理程序
- Global.AuthenticateRequest 事件处理程序
- Global.Application_AuthenticateRequest 方法
Unless I missed something, there is no mechanism for stopping the event handlers to fire, so no matter what the result of FormsAuthenticationModule.AuthenticateRequest, the next handlers will still be called. I hope that helps.
除非我错过了什么,否则没有阻止事件处理程序触发的机制,因此无论 FormsAuthenticationModule.AuthenticateRequest 的结果如何,下一个处理程序仍将被调用。我希望这有帮助。
回答by Shelakel
If you want access to the User object, I'd suggest you use
如果您想访问 User 对象,我建议您使用
protected void Application_Start()
{
PostAuthenticateRequest += Application_PostAuthenticateRequest;
}
protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
if(User.Identity.IsAuthenticated)
{
//Do stuff here
}
}
