Where in the Web Forms lifecycle can I re-authenticate a user?
Here's the situation - Most of this ASP.NET Web Forms application (which uses a single master page for all pages) with Forms Authentication, has a standard session timeout, but there are some "modes" where we store an encoded cookie that links the user to their account.
开发者_运维问答I would like to manually check early on in the page lifecycle for the cookie, and if certain conditions are met, manually re-establish the user's authentication ticket/session.
Where's the best place to do this? Master page Page_Init? Global.asax BeginRequest?
An HttpModule would be the best place.
BeginRequest
is probably the right place (either in Global.asax or in a custom HttpModule), since from your description it sounds like it should run before AuthenticateRequest
, which is the next event in the life cycle.
If you wait until Page_Init
, or any other events associated with the Page, the authentication step in the life cycle has already happened.
精彩评论