Global.asax files, sometimes called ASP.NET application files, provide a central location to respond to application-level or module-level events. You can use this file to implement application security and other tasks.
The Global.asax file is configured so that any direct HTTP request (via the URL) is automatically rejected, so users cannot download or view its contents. The ASP.NET page framework automatically recognizes any changes made to the Global.asax file. The ASP.NET page framework restarts the application after Global.asax is changed, which includes closing all browser sessions, removing all state information, and restarting the application domain.
The Global.asax file inherits from the HttpApplication class, which maintains a pool of HttpApplication objects and allocates objects in the pool to applications when needed. The Global.asax file contains the following events:
· Application_Init: This event is triggered when the application is instantiated or called for the first time. It will be called for all HttpApplication object instances.
· Application_Disposed: Triggered before the application is destroyed. This is an ideal place to clear out previously used resources.
· Application_Error: This event is triggered when an unhandled exception is encountered in the application.
· Application_Start: This event is triggered when the first instance of the HttpApplication class is created. It allows you to create objects that can be accessed by all HttpApplication instances.
· Application_End: This event is triggered when the last instance of the HttpApplication class is destroyed. It is triggered only once during the lifetime of an application.
· Application_BeginRequest: Triggered when an application request is received. For a request, it is the first event to be triggered. The request is usually a page request (URL) entered by the user.
· Application_EndRequest: The last event requested by the application.
· Application_PreRequestHandlerExecute: This event is triggered before the ASP.NET page framework begins executing an event handler such as a page or Web service.
· Application_PostRequestHandlerExecute: This event is triggered when the ASP.NET page framework ends executing an event handler.
· Applcation_PreSendRequestHeaders: This event is triggered when the ASP.NET page framework sends HTTP headers to the requesting client (browser).
· Application_PreSendContent: This event is triggered when the ASP.NET page framework sends content to the requesting client (browser).
· Application_AcquireRequestState: This event is triggered when the ASP.NET page framework gets the current state (Session state) related to the current request.
· Application_ReleaseRequestState: This event is triggered when the ASP.NET page framework has completed executing all event handlers. This will cause all state modules to save their current state data.
· Application_ResolveRequestCache: This event is triggered when the ASP.NET page framework completes an authorization request. It allows the cache module to serve requests from the cache, thereby bypassing the execution of event handlers.
· Application_UpdateRequestCache: This event is triggered when the ASP.NET page framework completes the execution of the event handler, allowing the cache module to store the response data for use in responding to subsequent requests.
· Application_AuthenticateRequest: This event is triggered when the security module establishes a valid identity for the current user. At this time, the user's credentials will be verified.
· Application_AuthorizeRequest: This event is triggered when the security module confirms that a user can access the resource.
· Session_Start: This event is triggered when a new user accesses the application Web site.
· Session_End: This event is triggered when a user's session times out, ends, or when they leave the application Web site.
A key issue with using these events is knowing the order in which they are fired. The Application_Init and Application_Start events are fired once when the application is first started. Similarly, the Application_Disposed and Application_End events are fired once when the application terminates. Additionally, session-based events (Session_Start and Session_End) are used only when users enter and leave the site. The remaining events handle application requests. The order in which these events are triggered is:
· Application_BeginRequest
· Application_AuthenticateRequest
· Application_AuthorizeRequest
· Application_ResolveRequestCache
· Application_AcquireRequestState
· Application_PreRequestHandlerExecute
· Application_PreSendRequestHeaders
· Application_PreSendRequestContent
· <<Execution Code>>
· Application_PostRequestHandlerExecute
· Application_ReleaseRequestState
· Application_UpdateRequestCache
· Application_EndRequest
these events Often used for security purposes. The following C# example demonstrates the different Global.asax events, using the Application_Authenticate event to complete form-based authentication through cookies. Additionally, the Application_Start event populates an application variable, and Session_Start populates a session variable. The Application_Error event displays a simple message describing the error that occurred.
protected void Application_Start(Object sender, EventArgs e) {
Application["Title"] = "Builder.com Sample";
}
protected void Session_Start(Object sender, EventArgs e) {
Session["startValue"] = 0;
}
protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
//Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if(null == authCookie) {
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try {
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
} catch(Exception ex) {
// Log exception details (omitted for simplicity)
return;
}
if (null == authTicket) {
// Cookie failed to decrypt.
return;
}
// When the ticket was created, the UserData property was assigned
// a pipe delimited string of role names.
string[2] roles
roles[0] = "One"
roles[1] = "Two"
// Create an Identity object
FormsIdentity id = new FormsIdentity( authTicket );
// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, roles);
// Attach the new principal object to the current HttpContext object
Context.User = principal;
}
protected void Application_Error(Object sender, EventArgs e) {
Response.Write("Error encountered.");
}
http://www.cnblogs.com/niit007/archive/2006/08/13/475565.html