Looking inside Global.asax application file in ASP.NET 3.5

What is Global.asax file: global.asax allows us to write event handlers that react to global events in web applications.

How it gets called: Global.asax files are never called directly by the user, rather they are called automatically in response to application events.

Point to remember about global.asax:
  1. They do not contain any HTML or ASP.NET tags.
  2. Contain methods with specific predefined names.
  3. They defined methods for a single class, application class.
  4. They are optional, but a web application has no more than one global.asax file.
How to add global.asax file:

Select Website >>Add New Item (or Project >> Add New Item if you're using the Visual Studio web project model) and choose the Global Application Class template.

After you have added the global.asax file, you will find that Visual Studio has added Application Event handlers:

<%@ Application Language="C#" %>
<script runat="server">
    void Application_Start(object sender, EventArgs e)
        // Code that runs on application startup
    void Application_End(object sender, EventArgs e)
        //  Code that runs on application shutdown
    void Application_Error(object sender, EventArgs e)
        // Code that runs when an unhandled error occurs
    void Session_Start(object sender, EventArgs e)
        // Code that runs when a new session is started
    void Session_End(object sender, EventArgs e)
        // Code that runs when a session ends.
        // Note: The Session_End event is raised only when the sessionstate mode
        // is set to InProc in the Web.config file. If session mode is set to StateServer
        // or SQLServer, the event is not raised.

Purpose of these application event handlers: To reach and handle any HttpApplication event.

If you want to know about HttpApplication events, see the MSDN article.

How these handler reach to HttpApplication Events
  1. global.asax file aren't attached in the same way as the event handlers for ordinary control events
  2. Way to attach them is to use the recognized method name, i.e. for event handler Application_OnEndRequest(), ASP.NET automatically calls this method when the HttpApplication.EndRequest event occurs.
What kind of application event global.asax can handle:

Global.asax can handle 2 types of applications events

1) Events that occurs only under specific conditions, i.e. request / response related events.

Order in which application event handler executes;

Order Application Events What they do
1 Application_BeginRequest() This method is called at the start of every request.
2 Application_AuthenticateRequest() This method is called just before authentication is performed. This is time and place where we can write out own authentication codes.
3 Application_AuthorizeRequest() After the user is authenticated (identified), it's time to determine the user's permissions. Here we can assign user with special privileges
4 Application_ResolveRequestCache() This method is commonly used in conjunction with output caching. 
5 Application_AcquireRequestState() This method is called just before session-specific information is retrieved for the client and used to populate the Session collection.
6 Application_PreRequestHandlerExecute() This method is called before the appropriate HTTP handler executes the request.
7 Application_PostRequestHandlerExecute() This method is called just after the request is handled.
8 Application_ReleaseRequestState() This method is called when the session-specific information is about to be serialized from the Session collection so that it's available for the next request.
9 Application_UpdateRequestCache() This method is called just before information is added to the output cache.
10 Application_EndRequest() This method is called at the end of the request, just before the objects are released and reclaimed. It's a suitable point for cleanup code.

2) Events that don't get fired with every request.

Order Application Events What they do
1 Application_Start() This method is invoked when the application first starts up and the application domain is created. This event handler is a useful place to provide application-wide initialization code. For example, at this point you might load and cache data that will not change throughout the lifetime of an application, such as navigation trees, static product catalogs, and so on.
2 Session_Start() This method is invoked each time a new session begins. This is often used to initialize user-specific information. 
3 Application_Error() This method is invoked whenever an unhandled exception occurs in the application.
4 Session_End() This method is invoked whenever the user's session ends. A session ends when your code explicitly releases it or when it times out after there have been no more requests received within a given timeout period (typically 20 minutes).
5 Application_End() This method is invoked just before an application ends. The end of an application can occur because IIS is being restarted or because the application is transitioning to a new application domain in response to updated files or the process recycling settings.
6 Application_Disposed() This method is invoked some time after the application has been shut down and the .NET garbage collector is about to reclaim the memory it occupies. This point is too late to perform critical cleanup, but you can use it as a last-ditch failsafe to verify that critical resources are released.
So now it's time to write codes under these event handlers.

Let's try for Application_Error

protected void Application_Error(Object sender, EventArgs e)
    Response.Write("<font face=\"Tahoma\" size=\"2\" color=\"red\">");
    Response.Write("Oops! Looks like an error occurred!!<hr></font>");
    Response.Write("<font face=\"Arial\" size=\"2\">");
    Response.Write("<hr>" + Server.GetLastError().ToString());

So when any error happens, it get handled here with custom message.

Let's write code for Application_AuthenticateRequest , here we can write code our own authentication codes, because this method is called just before authentication is performed.

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    Response.Write("Authenticating request...<br>");
    bool cookieFound = false;
    HttpCookie authCookie = null;
    HttpCookie cookie;
    for (int i = 0; i < Request.Cookies.Count; i++)
        cookie = Request.Cookies[i];
        if (cookie.Name == FormsAuthentication.FormsCookieName)
            cookieFound = true;
            authCookie = cookie;
    // If the cookie has been found, it means it has been issued from either
    // the windows authorisation site, is this forms auth site.
    if (cookieFound)
        // Extract the roles from the cookie, and assign to our current principal, which is attached to the
        // HttpContext.
        FormsAuthenticationTicket winAuthTicket = FormsAuthentication.Decrypt(authCookie.Value);
        string[] roles = winAuthTicket.UserData.Split(';');
        FormsIdentity formsId = new FormsIdentity(winAuthTicket);
        System.Security.Principal.GenericPrincipal princ = new System.Security.Principal.GenericPrincipal(formsId, roles);
        HttpContext.Current.User = princ;
        // No cookie found, we can redirect to the Windows auth site if we want, or let it pass through so
        // that the forms auth system redirects to the logon page for us.

If there is no error, see below the order in which application events are handled.


As per your requirement you can write your codes to use these application events handlers.