At what point within the ASP.Net request pipeline and the page life cycle does Visual Guard .Net come in? This is relevant for all requests in general and the user login page in particular.
On HttpApplication_AuthenticatRequest event:
Visual Guard .Net gets the current identity (WindowsIdentity for site based on Windows authentication, FormsIdentity for site based on Forms authentication).
Visual Guard .Net checks against its repository whether the current user can access or not to the application and provides the principal that will be used by ASP.Net (Context.User).
If the current user cannot access the dotnet application, Visual Guard .Net checks whether the application supports or not anonymous sessions. If the application does not support anonymous session, Visual Guard .Net set the Http Status Code to 401 (Access denied). If anonymous sessions are supported, Visual Guard .Net provides a default principal containing permission for anonymous sessions.
On Page_Init (for Page and MasterPage only):
Visual Guard .Net applies security actions defined for the page. It is also possible to secure other classes of the application, but you should implicitly call Visual Guard .Net to secure these classes.
Visual Guard .NET - Version 2.7.802.29