AuthenticateRequest 事件 [英] AuthenticateRequest event
问题描述
Q 1. 据我所知,FormsAuthenticationModule 订阅了 AuthenticateRequest 事件,因此只有在触发此事件后,才会调用 FormsAuthenticationModule.但以下引述让我有点困惑:
AuthenticateRequest事件表示配置的身份验证机制已对当前请求进行身份验证.- 上面的引用是不是表明当
AuthenticateRequest事件被引发时,请求(又名用户)已经被认证了?
- 上面的引用是不是表明当
订阅
AuthenticateRequest事件可确保在处理附加模块或事件处理程序之前对请求进行身份验证.- 据我所知,如果我们订阅了
AuthenticatedRequest,那么我们的事件处理程序将在FormsAuthenticationModule之前被调用?因此Application_AuthenticateRequest()会在FormsAuthenticationModule被调用之前被调用?
- 据我所知,如果我们订阅了
Q 2. 我正在学习的书表明,在 Application_AuthenticateRequest() 中,我们可以验证用户是否是特定角色的成员,如果不是,我们可以自动添加用户:
protected void Application_AuthenticateRequest(Object sender, EventArgs e){if (User.Identity.IsAuthenticated && Roles.Enabled){//这里我们可以通过 Roles.AddUserToRole() 为用户订阅一个角色}}从上面的代码来看,Application_AuthenticateRequest()是在FormsAuthenticationModule被调用后调用的,但在同一本书的其他地方暗示了Application_AuthenticateRequest() 在 FormsAuthenticationModule 之前调用:
Application_AuthenticateRequest 在执行身份验证之前调用.这是创建您自己的身份验证逻辑的起点.
我错过了什么?
谢谢
似乎首先处理 FormsAuthenticationModule.该模块通常早于 ASP.NET 管道中的任何自定义模块,因此当 AuthenticateRequest 被触发时,FormsAuthenticationModule 将首先被调用,完成其工作,然后将调用您模块的事件处理程序.
如果您真的想深入研究这一点,我建议您尝试自己调试 ASP.NET 代码.这是如何设置 VS 的帖子:
编辑:通过在 Global.asax 中设置具有自定义模块和事件处理程序的 Web 项目,我能够确认此行为.看一下HttpApplication.InitInternal的源码,初始化顺序如下:
- 集成模块的初始化:FormsAuthenticationModule 与 HttpApplication.AuthenticateRequest 事件挂钩
- 自定义模块的初始化:自定义模块连接到 HttpApplication.AuthenticateRequest 事件
- 全局类 (global.asax) 的初始化:这里我们连接到 AuthenticateRequest 事件
- HttpApplication.InitInternal 按照特定的名称模式(例如 Application_AuthenticateRequest)搜索全局类上的方法,将它们与事件匹配并连接
初始化后,当 AuthenticateRequest 触发时,事件处理程序将按照它们初始化的顺序调用,因此:
- FormsAuthenticationModule.AuthenticateRequest 事件处理程序
- CustomModule.AuthenticateRequest 事件处理程序
- Global.AuthenticateRequest 事件处理程序
- Global.Application_AuthenticateRequest 方法
除非我错过了什么,否则没有机制可以阻止事件处理程序触发,因此无论 FormsAuthenticationModule.AuthenticateRequest 的结果如何,下一个处理程序仍将被调用.我希望这会有所帮助.
Q 1. To my understanding FormsAuthenticationModule is subscribed to AuthenticateRequest event, and thus only after this event is fired, is FormsAuthenticationModule called. But the following quotes got me a bit confused:
The
AuthenticateRequestevent signals that the configured authentication mechanism has authenticated the current request.- Doesn’t the above quote suggest that when
AuthenticateRequestevent is raised, request (aka user) is already authenticated?
- Doesn’t the above quote suggest that when
Subscribing to the
AuthenticateRequestevent ensures that the request will be authenticated before processing the attached module or event handler.- As far as I understand this quote, if we subscribe to
AuthenticatedRequest, then our event handler will be called prior toFormsAuthenticationModule? ThusApplication_AuthenticateRequest()will be called beforeFormsAuthenticationModuleis called?
- As far as I understand this quote, if we subscribe to
Q 2. Book I’m learning from suggests that within Application_AuthenticateRequest() we are able to verify whether user is a member of specific role, and if not, we can add the user automatically:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated && Roles.Enabled)
{
//here we can subscribe user to a role via Roles.AddUserToRole()
}
}
Judging from the above code, Application_AuthenticateRequest() is called after FormsAuthenticationModule has been invoked, but somewhere else same book implies that Application_AuthenticateRequest() is called prior to FormsAuthenticationModule:
Application_AuthenticateRequestis called just before authentication is performed. This is a jumping-off point for creating your own authentication logic.
What am I missing?
Thanx
It seems that the FormsAuthenticationModule gets handled first. This module is normally earlier than any custom module in the ASP.NET pipeline, so when AuthenticateRequest is fired, FormsAuthenticationModule will get called first, do its job and then your module's event handler will be called.
If you really want to dig deep into this, I suggest trying to debug the ASP.NET code yourself. Here is a post how to set up your VS:
EDIT: I was able to confirm this behavior by setting up a web project with custom module and event handlers in Global.asax. Take a look at the source code of HttpApplication.InitInternal, the order of initialization is as follows:
- initialization of integrated modules: FormsAuthenticationModule hooks up to HttpApplication.AuthenticateRequest event
- initialization of custom modules: custom module hooks up to HttpApplication.AuthenticateRequest event
- initialization of Global class (global.asax): here we hook up to the AuthenticateRequest event
- HttpApplication.InitInternal searches for methods on Global class following the specific name pattern (e.g. Application_AuthenticateRequest), matches them to event and hooks up
After the initialization, when the AuthenticateRequest fires, the event handlers are called in the order they where initialized, so:
- FormsAuthenticationModule.AuthenticateRequest event handler
- CustomModule.AuthenticateRequest event handler
- Global.AuthenticateRequest event handler
- Global.Application_AuthenticateRequest method
Unless I missed something, there is no mechanism for stopping the event handlers to fire, so no matter what the result of FormsAuthenticationModule.AuthenticateRequest, the next handlers will still be called. I hope that helps.
这篇关于AuthenticateRequest 事件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
