Authentication and httpmodule

Httpmodule allows us to hook our handler to perform specific business authentication.

Hooking AuthenticatedRequest Event

Problem Scenario

To perform business specific rule after authenticated request


public class CustomWindowsAuthentication : IHttpModule

private HttpApplication httpApp;

public void Init(HttpApplication httpApp)
this.httpApp = httpApp;
httpApp.AuthenticateRequest += new EventHandler(OnAuthentication);

void OnAuthentication(object sender, EventArgs a)
HttpApplication application = (HttpApplication)sender;
HttpResponse response = application.Context.Response;
HttpContext Context = HttpContext.Current;
IPrincipal user = application.Context.User;
if (user != null)
WindowsIdentity identity =

if (identity != null)
// TODO: Add business rule

public void Dispose()
{ }


Related Articles


User who is responsible for running current thread can be impersonated programmatically.

Login code in c#

Code for login form ,user enter username,password this is verified from database and according to that user is logged in or invalid user message is given

Login As different user

It helps in performing action like "login As". different user can loging into system by clicking some link.

More articles: Authentication HttpModule Business specific rule


Guest Author: Raphaël29 Aug 2013

Simple, easy and efficient ! I was looking for that thank you !
No I have my custom authentication, that I can disable by removing the Http Module from the config !

  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name: