you're reading...

Looking inside global.asax application file in ASP.NET 3.5

What is Global.asax file: global.asax allows us to write event handlers that react to global events in web application.

How it gets called: Global.asax files are never called directly by user, rather they are called automatically in response of any application event.

Point to remember about global.asax:

1)    They do not contain any HTML or ASP.NET tags.

2)    Contain methods with specific predefined names.

3)    They defined methods for a single class, application class.

4)    They are optional, but a web application has no more than one global.asax file.


How to add global.asax file:

Select Website >>Add New Item (or Project >> Add New Item if you’re using

The Visual Studio web project model) and choose the Global Application Class template.

After you have added global.asax file , you will find that visual studio add Application Event handlers;

<%@ Application Language=”C#” %>

<script runat=”server”>

void Application_Start(object sender, EventArgs e)


// Code that runs on application startup


void Application_End(object sender, EventArgs e)


//  Code that runs on application shutdown


void Application_Error(object sender, EventArgs e)


// Code that runs when an unhandled error occurs


void Session_Start(object sender, EventArgs e)


// Code that runs when a new session is started


void Session_End(object sender, EventArgs e)


// Code that runs when a session ends.

// Note: The Session_End event is raised only when the sessionstate mode

// is set to InProc in the Web.config file. If session mode is set to StateServer

// or SQLServer, the event is not raised.




Purpose of these application event handlers: To reach and handle any HttpApplication event.

If you want to know about all types of HttpApplication events, see msdn article here

How these handler reach to HttpApplication Events

1)    global.asax file aren’t attached in the same way as the event handlers for ordinary control events

1)    Way to attached them is to use the recognized method name, i.e. for event handler Application_OnEndRequest(),ASP.NET automatically calls this method when the HttpApplication.EndRequest event occurs


What kind of application event global.asax can handle:

Global.asax can handle 2 types of applications events

1)    Events that occurs only under specific conditions ,i.e. request response relates events



Order in which application event handler executes;

Order Application Events What they do
1 Application_BeginRequest(): This method is called at the start of every request.
2 Application_AuthenticateRequest(): This method is called just before authentication is performed. This is time and place where we can write out own authentication codes.
3 Application_AuthorizeRequest(): After the user is authenticated (identified), it’s time to determine the user’s permissions. Here we can assign user with special privileges
4 Application_ResolveRequestCache(): This method is commonly used in conjunction with
    Output caching.
5 Application_AcquireRequestState(): This method is called just before session-specific information is retrieved for the client and used to populate the Session collection.
6 Application_PreRequestHandlerExecute(): This method is called before the appropriate
    HTTP handler executes the request.
7 Application_PostRequestHandlerExecute(): This method is called just after the request is handled.
8 Application_ReleaseRequestState(): This method is called when the session-specific information is about to be serialized from the Session collection so that it’s available for the next request.
9 Application_UpdateRequestCache(): This method is called just before information is added to the output cache.
10 Application_EndRequest(): This method is called at the end of the request, just before the objects are released and reclaimed. It’s a suitable point for cleanup code.

2)    Events that don’t get fired with every request.

Order Application Events What They Do
1 Application_Start(): This method is invoked when the application first starts up and the application domain is created. This event handler is a useful place to provide application-wide initialization code. For example, at this point you might load and cache data that will not change throughout the lifetime of an application, such as navigation trees, static product catalogs, and so on.
2 Session_Start(): This method is invoked each time a new session begins. This is often used to initialize user-specific information.
3 Application_Error(): This method is invoked whenever an unhandled exception occurs in the application.
4 Session_End(): This method is invoked whenever the user’s session ends. A session ends when your code explicitly releases it or when it times out after there have been no more requests received within a given timeout period (typically 20 minutes).
5 Application_End(): This method is invoked just before an application ends. The end of an application can occur because IIS is being restarted or because the application is transitioning to a new application domain in response to updated files or the process recycling settings.
6 Application_Disposed(): This method is invoked some time after the application has been shut down and the .NET garbage collector is about to reclaim the memory it occupies. This point is too late to perform critical cleanup, but you can use it as a last-ditch failsafe to verify that critical resources are released.

So now it’s time to write codes under these event handlers.

Let’s try for Application_Error

protected void Application_Error(Object sender, EventArgs e)


Response.Write(“<font face=\”Tahoma\” size=\”2\” color=\”red\”>”);

Response.Write(“Oops! Looks like an error occurred!!<hr></font>”);

Response.Write(“<font face=\”Arial\” size=\”2\”>”);


Response.Write(“<hr>” + Server.GetLastError().ToString());



So when any error happens, it get handled here with custom message.




Let’s write code for Application_AuthenticateRequest , here we can write code our own authentication                          codes, because this method is called just before authentication is performed.

protected void Application_AuthenticateRequest(Object sender, EventArgs e)


Response.Write(“Authenticating request…<br>”);

bool cookieFound = false;

HttpCookie authCookie = null;

HttpCookie cookie;

for (int i = 0; i < Request.Cookies.Count; i++)


cookie = Request.Cookies[i];

if (cookie.Name == FormsAuthentication.FormsCookieName)


cookieFound = true;

authCookie = cookie;




// If the cookie has been found, it means it has been issued from either

// the windows authorisation site, is this forms auth site.

if (cookieFound)


// Extract the roles from the cookie, and assign to our current principal, which is attached to the

// HttpContext.

FormsAuthenticationTicket winAuthTicket = FormsAuthentication.Decrypt(authCookie.Value);

string[] roles = winAuthTicket.UserData.Split(‘;’);

FormsIdentity formsId = new FormsIdentity(winAuthTicket);

System.Security.Principal.GenericPrincipal princ = new System.Security.Principal.GenericPrincipal(formsId, roles);

HttpContext.Current.User = princ;




// No cookie found, we can redirect to the Windows auth site if we want, or let it pass through so

// that the forms auth system redirects to the logon page for us.




If there is no error, see below the order in which application events are handled.




As per your requirement you can write your codes to use these application events handlers.




About Vishal

Vishal Nayan is a seasoned professional with hand on Experience on Mircrosoft Technologies. He always look for challenging IT position that allows him to learn new Microsoft Technologies while utilizing experience of Project Development and Software Engineering Ethics. A MCP in WCF ,and looking forward for more.


2 thoughts on “Looking inside global.asax application file in ASP.NET 3.5

  1. Great Coverage…I finally understand WHEN the Global.asax is called

    Posted by Dominick | 2011/07/30, 5:19 PM
  2. Cheers, man!

    Thank U very much for this article – it helps me to set a user role in Silverlight application. Hardly shake Ur hand.

    John (Archangelsk, Russia)

    Posted by JohnyMotorhead | 2012/01/14, 2:07 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow Vishalnayan on WordPress.com

Blog Stats

  • 216,313 hits
%d bloggers like this: