is Global.asax file: global.asax allows us to write event handlers that react to
global events in web applications.
How it gets called: Global.asax
files are never called directly by the user, rather they are called
automatically in response to application events.
Point to remember
- They do not contain any HTML or ASP.NET
- Contain methods with specific predefined
- They defined methods for a single class,
- They are optional, but a web application has
no more than one global.asax file.
How to add
Select Website >>Add New Item (or Project
>> Add New Item if you're using the Visual Studio web project model) and
choose the Global Application Class template.
you have added the global.asax file, you will find that Visual Studio has added
Application Event handlers:
<%@ Application Language="C#" %>
Purpose of these application event
handlers: To reach and handle any HttpApplication event.
If you want
to know about HttpApplication events, see the MSDN article.
handler reach to HttpApplication Events
- global.asax file aren't attached in the same
way as the event handlers for ordinary control events
- Way to attach them is to use the recognized
method name, i.e. for event handler Application_OnEndRequest(), ASP.NET
automatically calls this method when the HttpApplication.EndRequest event
What kind of application event
global.asax can handle:
Global.asax can handle 2 types of
1) Events that occurs only under specific
conditions, i.e. request / response related events.
Order in which
application event handler executes;
2) Events that don't get fired with every
||What they do|
||This method is called at the start of every
||This method is called just before authentication is
performed. This is time and place where we can write out own authentication
||After the user is authenticated (identified), it's
time to determine the user's permissions. Here we can assign user with special
||This method is commonly used in conjunction with
output caching. |
||This method is called just before session-specific
information is retrieved for the client and used to populate the Session
||This method is called before the appropriate HTTP
handler executes the request.|
||This method is called just after the request is
||This method is called when the session-specific
information is about to be serialized from the Session collection so that it's
available for the next request.|
||This method is called just before information is added
to the output cache.|
||This method is called at the end of the request, just
before the objects are released and reclaimed. It's a suitable point for cleanup
So now it's time to write codes under these event
||What they do|
||This method is invoked when the application first
starts up and the application domain is created. This event handler is a useful
place to provide application-wide initialization code. For example, at this
point you might load and cache data that will not change throughout the lifetime
of an application, such as navigation trees, static product catalogs, and so
||This method is invoked each time a new session begins.
This is often used to initialize user-specific information. |
||This method is invoked whenever an unhandled exception
occurs in the application.|
||This method is invoked whenever the user's session
ends. A session ends when your code explicitly releases it or when it times out
after there have been no more requests received within a given timeout period
(typically 20 minutes).|
||This method is invoked just before an application
ends. The end of an application can occur because IIS is being restarted or
because the application is transitioning to a new application domain in response
to updated files or the process recycling settings.|
||This method is invoked some time after the application
has been shut down and the .NET garbage collector is about to reclaim the memory
it occupies. This point is too late to perform critical cleanup, but you can use
it as a last-ditch failsafe to verify that critical resources are
Let's try for Application_Error
protected void Application_Error(Object sender, EventArgs e)
Response.Write("Oops! Looks like an error occurred!!
" + Server.GetLastError().ToString());
when any error happens, it get handled here with custom message.
write code for Application_AuthenticateRequest , here we can write code our own
authentication codes, because this method is called just before authentication
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
bool cookieFound = false;
HttpCookie authCookie = null;
for (int i = 0; i < Request.Cookies.Count; i++)
cookie = Request.Cookies[i];
if (cookie.Name == FormsAuthentication.FormsCookieName)
cookieFound = true;
authCookie = cookie;
// If the cookie has been found, it means it has been issued from either
// the windows authorisation site, is this forms auth site.
// Extract the roles from the cookie, and assign to our current principal, which is attached to the
FormsAuthenticationTicket winAuthTicket = FormsAuthentication.Decrypt(authCookie.Value);
string roles = winAuthTicket.UserData.Split(';');
FormsIdentity formsId = new FormsIdentity(winAuthTicket);
System.Security.Principal.GenericPrincipal princ = new System.Security.Principal.GenericPrincipal(formsId, roles);
HttpContext.Current.User = princ;
// No cookie found, we can redirect to the Windows auth site if we want, or let it pass through so
// that the forms auth system redirects to the logon page for us.
If there is no error, see below the order
in which application events are handled.
per your requirement you can write your codes to use these application events