According to the documentation:
Occurs when a security module has
established the identity of the user.
...
The PostAuthenticateRequest event is
raised after the AuthenticateRequest
event has occurred. Functionality that
subscribes to the
PostAuthenticateRequest event can
access any data that is processed by
the PostAuthenticateRequest.
And here's the ASP.NET Page Life Cycle.
But because your question is tagged with ASP.NET MVC I would strongly recommend you performing this into a custom [Authorize]
attribute instead of using this event. Example:
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (isAuthorized)
{
var authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var identity = new GenericIdentity(authTicket.Name, "Forms");
var principal = new GenericPrincipal(identity, new string[] { });
httpContext.User = principal;
}
}
return isAuthorized;
}
}
Now decorate your controllers/actions with the [MyAuthorize]
attribute:
[MyAuthorize]
public ActionResult Foo()
{
// if you got here the User property will be the custom
// principal you injected in the authorize attribute
...
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…