ProfileModule class is a new class available for ASP.NET 2.0 developers to create and manage user specific settings (profile).  ProfileModule is an ASP.NET HttpRuntime Module (i.e. class that implements IHttpModule interface).  As such, it will be called by the runtime in the order in which it’s registered in the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\web.config.  Below is the “default” order:

1.       OutputCache implemented by System.Web.Caching.OutputCacheModule

2.       Session implemented by System.Web.SessionState.SessionStateModule

3.       WindowsAuthentication implemented by System.Web.Security.WindowsAuthenticationModule

4.       FormsAuthentication implemented by System.Web.Security.FormsAuthenticationModule

5.       PassportAuthentication implemented by System.Web.Security.PassportAuthenticationModule

6.       RoleManager implemented by System.Web.Security.RoleManagerModule

7.       UrlAuthorization implemented by System.Web.Security.UrlAuthorizationModule

8.       FileAuthorization implemented by System.Web.Security.FileAuthorizationModule

9.       AnonymousIdentification implemented by System.Web.Security.AnonymousIdentificationModule

10.  Profile implemented by System.Web.Profile.ProfileModule

11.   ErrorHandlerModule implemented by System.Web.Mobile.ErrorHandlerModule


ProfileModule subscribes to two events raised by the HttpApplication class –AcquireRequestState and EndRequest (for more information on ASP.NET 2.0 page lifecycle visit


On AcquireRequestState event, ProfileManager raises Personalize event (if there is a registered handler), and the sets the Context.Profile property to the object that contains all the user data retrieved by ProfileBase class or your own class specified in web.config that inherits from ProfileBase.  Also, if the request is authenticated (i.e. not anonymous), but there is an associated anonymous id (Request.AnonymousID), then MigrateAnonymous event is fired.  Now you understand why it’s so important to delete the cookie, not just delete the profile data from the database, after your migration logic:

Public void  Profile_MigrateAnonymous(object sender, ProfileMigrateEventArgs pe)


ProfileCommon p = Profile.GetProfile(pe.AnonymousID);


// TODO: add code here to copy all user settings

//  e.g. Profile.FavoriteColor = p.FavoriteColor


// delete from database


// delete cookie so this user is no longer seen as anonymous




Of course, this all happens only if ProfileManager enabled is set to true.


On EndRequest event, if automatic save is enabled (ProfileManager.AutomaticSaveEnabled), and ProfileAutoSaving event handler (if one exists) does not change the ContinueWithProfileAutoSave event argument’s property to false, then the user state is persisted.


That’s pretty much all there is to it…