SessionAuthenticationModule.OnAuthenticateRequest(Object, EventArgs) 方法

定义

处理 AuthenticateRequest ASP.NET 管道中的事件。Handles the AuthenticateRequest event from the ASP.NET pipeline.

protected:
 virtual void OnAuthenticateRequest(System::Object ^ sender, EventArgs ^ eventArgs);
protected virtual void OnAuthenticateRequest (object sender, EventArgs eventArgs);
abstract member OnAuthenticateRequest : obj * EventArgs -> unit
override this.OnAuthenticateRequest : obj * EventArgs -> unit
Protected Overridable Sub OnAuthenticateRequest (sender As Object, eventArgs As EventArgs)

参数

sender
Object

事件的源。The source for the event. 这将是 HttpApplication 对象。This will be an HttpApplication object.

eventArgs
EventArgs

事件的数据。The data for the event.

例外

没有已配置的无效会话标记处理程序。There is not a valid session token handler configured. (在 SessionSecurityTokenHandler 属性中未配置 SecurityTokenHandlers。)(There is no SessionSecurityTokenHandler configured in the SecurityTokenHandlers property.)

注解

此方法执行以下操作:This method does the following:

  1. 调用 TryReadSessionTokenFromCookie 方法以 SessionSecurityToken 从会话 cookie 读取(如果存在)。Invokes the TryReadSessionTokenFromCookie method to read a SessionSecurityToken from the session cookie, if one is present.

  2. 如果无法读取会话安全令牌 (很可能是因为尚未建立会话) ,则返回。If a session security token cannot be read (most likely because a session has not been established), return.

  3. 调用 OnSessionSecurityTokenReceived 方法以引发 SessionSecurityTokenReceived 事件。Invokes the OnSessionSecurityTokenReceived method to raise the SessionSecurityTokenReceived event. 这为从 cookie 读取的令牌进行修改或取消请求提供了机会。This provides an opportunity for the token read from the cookie to be modified or for the request to be canceled. 处理程序还可以通过设置属性来指定应重新颁发令牌 SessionSecurityTokenReceivedEventArgs.ReissueCookieThe handler can also specify that the token should be reissued, by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie property.

  4. 如果要重新颁发令牌,则将其从缓存中删除,并调用 OnSessionSecurityTokenCreated 方法来引发 SessionSecurityTokenCreated 事件。If the token is to be reissued, removes it from the cache and invokes the OnSessionSecurityTokenCreated method to raise the SessionSecurityTokenCreated event. 这为再次修改标记提供了机会。This provides opportunity for the token to again be modified. 还可以通过 SessionSecurityTokenCreatedEventArgs.WriteSessionCookie 在事件处理程序中设置属性来修改重新发出行为。The reissue behavior can also be modified by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property in the event handler.

  5. 调用 AuthenticateSessionSecurityToken 方法来对用户进行身份验证。Invokes the AuthenticateSessionSecurityToken method to authenticate the user. 如果成功,则可以将 Thread.CurrentPrincipal 属性设置为包含在传入令牌的属性中的主体 SessionSecurityToken.ClaimsPrincipalIf successful, this has the effect of setting the Thread.CurrentPrincipal property to the principal that is contained in the SessionSecurityToken.ClaimsPrincipal property of the incoming token.

  6. 如果会话已过期,则调用 SignOut 方法。If the session has expired, invokes the SignOut method.

OnAuthenticateRequest方法将添加到 HttpApplication.AuthenticateRequest 方法中事件的处理程序 InitializeModuleThe OnAuthenticateRequest method is added to the handlers for the HttpApplication.AuthenticateRequest event in the InitializeModule method.

适用于