What is the global.asax file? What events you can define there?

The global.asax file is an optional part of an ASP.NET application. It is located in the root of the web application directory structure. It cannot be directly loaded or requested by users. The global.asax declares a class derived from HttpApplication, which provides a place to define application-wide, session-wide and request-wide events.

You might think, that each web application has a single instance of such Application class. Indeed, in ASP.NET framework an object representing the “application” is a singleton – only one exists. But this assumption actually is not true.

The ASP.NET runtime maintains a pool of HttpApplication objects. When an incoming request arrives, the runtime takes an HttpApplication object from the pool to pair with the request. The object remains associated with the request, and only that request, until the request processing is complete. When the request is finished the runtime may return the object to the pool, and later pull it out to service another request later – but only one request at a time is associated with an HttpApplication object.

global.asax events

You can define your own events, but it does contain default Application events, which you can intercept. There is list of such events in order of their flow:

  1. Application_Init: Fired when an application initializes or is first called. It's invoked for all HttpApplication object instances.
  2. Application_Start: Fired when the first instance of the HttpApplication class is created. It allows you to create objects that are accessible by all HttpApplication instances.
  3. Application_BeginRequest: Fired when an application request is received. It's the first event fired for a request, which is often a page request (URL) that a user enters.
  4. Application_AuthenticateRequest: Fired when the security module has established the current user's identity as valid. At this point, the user's credentials have been validated.

  5. Application_AuthorizeRequest: Fired when the security module has verified that a user can access resources.

  6. Application_ResolveRequestCache: Fired when the ASP.NET page framework completes an authorization request. It allows caching modules to serve the request from the cache, thus bypassing handler execution.

  7. Application_AcquireRequestState: Fired when the ASP.NET gets the current state (Session state) related to the current request.

  8. Application_PreRequestHandlerExecute: Fired before the ASP.NET begins executing an event handler like a page or Web service.

  9. Application_PostRequestHandlerExecute: Fired when the ASP.NET is finished executing an event handler.

  10. Application_ReleaseRequestState: Fired when the ASP.NET completes execution of all event handlers. This results in all state modules to save their current state data.

  11. Application_UpdateRequestCache: Fired when the ASP.NET completes handler execution to allow caching modules to store responses to be used to handle subsequent requests.

  12. Application_EndRequest: The last event fired for an application request.

  13. Applcation_PreSendRequestHeaders: Fired before the ASP.NET sends HTTP headers to a requesting client (browser).

  14. Applcation_PreSendRequestContent: Fired before the ASP.NET sends actual content to requesting client (browser).

  15. Session_End: Fired when a user's session times out, ends, or they leave the application Web site.

  16. Application_Disposed: Fired just before an application is destroyed. This is the ideal location for cleaning up previously used resources.

  17. Application_End: Fired when the last instance of an HttpApplication class is destroyed. It's fired only once during an application's lifetime.

And the last one is Application_Error, which might be fired at any moment of application lifetime. Fired when an unhandled exception is encountered within the application.

Also, you can subscribe to any event of any active HttpModule in application. Use [ModuleName]_[EventName] method name to intercept event of module, for example FormsAuthentication_Authenticate.

Short answer

  • The global.asax file is part of an ASP.NET application, which declares a class derived from HttpApplication, which provides a place to intercept application events as well as define own events.
  • There are total 18 default events you can intercept, but most important are Application_Init, Application_Start, Application_Error, Application_BeginRequest, Application_EndRequest, Session_Start, Session_End.