There are several events that get triggered on every request, HttpApplication.AuthorizeRequest()
should work.
In order to only fetch from the database for logged in users, you can check the Name
property of User.Identity
which only gets set once the user authenticates:
if(!string.IsEmpty(User.Identity.Name))
{
//make call to database
}