I'm using the Facebook C# SDK, and I authenticate the user by their Facebook account. Once I've performed all the checks to "authenticate" them, I call FormsAuthentication.SetAuthCookie(email, false);
Does performing that call allow me to have access to User.Identity.IsAuthenticated
within my actions? What about if I didn't make that call?
I have some actions that will return different views based on their authentication status, and want to make sure User.Identity.IsAuthenticated
is reliable in an MVC 4 app.
You can achieve this by manually settings HttpContext. User: var identity = new ClaimsIdentity("Custom"); HttpContext. User = new ClaimsPrincipal(identity);
Identity Server is an open source OpenID Connect and OAuth 2.0 framework. It can be used to make your application an authentication / single sign on server. It can also issue access tokens for 3rd party clients.
It is the FormsAuthentication HTTP module that is registered and which executes on each request. This module is automatically registered when you specify mode="Forms"
in your web.config's <authentication>
tag. It is this same module which intercepts all 401 responses and automatically redirects the user to the LogOn page (which sometimes is not a desired behavior as the end result is HTTP status code of 200).
So to answer your questions:
Does performing that call allow me to have access to User.Identity.IsAuthenticated within my actions? What about if I didn't make that call?
Not exactly. This call only emits the forms authentication cookie to the response. It is the HTTP module which is responsible for intercepting the request and if this request contains the cookie it will set the User.Identity
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With