/// <summary>
        /// Raises the <see cref="Authenticate"/> event.
        /// </summary>
        protected virtual void OnAuthenticate(BasicAuthenticationEventArgs e)
        {
            if (e == null)
                throw new ArgumentNullException("e");

            BasicAuthenticationEventHandler handler = Authenticate;

            if (handler != null)
                handler(this, e);
        }
        /// <summary>
        /// Raises the Authenticate event and then allows access to the 
        /// authenticated identity by installing it as the user making the
        /// current request. 
        /// </summary>
        protected virtual void Allow(HttpContext context, IIdentity identity, object userToken)
        {
            //
            // Raise the Authenticate event. This gives the application the
            // chance to, for example, catch the event in Global.asax and
            // set a custom principal upon authentication.
            //

            BasicAuthenticationEventArgs eventArgs = new BasicAuthenticationEventArgs(context, identity, userToken);
            OnAuthenticate(eventArgs);

            //
            // If no user was set into the context by the event handler(s)
            // and a user object was supplied, then install it into the
            // context now.
            //

            if (context.User == null && eventArgs.User != null)
                context.User = eventArgs.User;

            //
            // No user set so far? Let's create a generic one with no roles.
            //

            if (context.User == null)
            {
                IPrincipal user = userToken as IPrincipal;

                if (user == null)
                    user = new GenericPrincipal(eventArgs.Identity, null);

                context.User = user;
            }
        }