The DefaultAuthenticationModule.Authenticate event is raised after the System.Web.HttpApplication.AuthenticateRequest event. It is used to ensure that the System.Web.HttpContext.User property of the current System.Web.HttpContext instance is populated with an System.Security.Principal.IPrincipal object.

You can access the DefaultAuthenticationModule.Authenticate event of the System.Web.Security.DefaultAuthenticationModule class by specifying a subroutine named DefaultAuthentication_OnAuthenticate in the application's Global.asax file.

You can use the DefaultAuthenticationEventArgs.Context property of the System.Web.Security.DefaultAuthenticationEventArgs object in the DefaultAuthentication_OnAuthenticate event to set the System.Web.HttpContext.User property of the current System.Web.HttpContext instance to a custom System.Security.Principal.IPrincipal object. If you do not specify a value for the System.Web.HttpContext.User property, the System.Web.Security.DefaultAuthenticationModule sets the System.Web.HttpContext.User property of the System.Web.HttpContext instance to a System.Security.Principal.GenericPrincipal object that contains no user information.

The DefaultAuthentication_OnAuthenticate event is raised after the System.Web.HttpApplication.AuthenticateRequest event and before the System.Web.HttpApplication.AuthorizeRequest event. If you have an authorization section that depends on the user name to deny or allow access to your application, modifying the System.Web.HttpContext.User property of the current System.Web.HttpContext instance can affect the behavior of your application. Be sure that the user name you set during the DefaultAuthentication_OnAuthenticate event is considered when you specify the authorization section in your configuration.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0