This code is from the asp.net mvc RTM source code
Who sets the IsAuthenticated property of the HttpContext.User.Identity ?
protected virtual bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext == null) { throw new ArgumentNullException("httpContext"); } IPrincipal user = httpContext.User; if (!user.Identity.IsAuthenticated) { return false; } }
Is the IsAuthenticated property set by calling the method (asp.net mvc 4.0 sample project):
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
When I debug the code of the LogOn method of the asp.net mvc 4.0 sample project after the above FormsAuth... method call. The execution of
User.Identity.IsAuthenticated
is still returning FALSE. Only when I debug the LogOff method the
User.Identity.IsAuthenticated
says TRUE. So who is setting this property to TRUE and WHEN ?
UPDATE:
This is about FORMS authentication!
I did now debug the LogOn method of the asp.net mvc sample project and after the LogOn action is returned my AuthorizeCore method I have overridden is called and then the IsAuthenticated property is TRUE!
Does setting of TRUE depend maybe of the ModelState.Value.Error collections ?
If count == 0 in the error collections the IsAuthenticated is TRUE else the IsAuthenticated is FALSE
Can you confirm that?
It just holds the username of the user that is currently logged in. After login successful authentication, the username is automatically stored by login authentication system to "HttpContext.Current.User.Identity.Name" property.
You can achieve this by manually settings HttpContext. User: var identity = new ClaimsIdentity("Custom"); HttpContext. User = new ClaimsPrincipal(identity);
Web namespace (which contains the HttpContext class), you can reference the members of HttpContext on an . aspx page without using the fully qualified class reference to HttpContext. For example, you can use User.Identity.Name to get the name of the user on whose behalf the current process is running.
isauthenticated is False when a user is already logged in. However, there is a very wide range of answers, from trivial Web.
This property is set by the forms authentication module by reading and parsing the forms authentication cookie from the request. I've put request in bold because I suspect that's the reason why you are observing this behavior. Let me explain. When you call FormsAuthentication.SetAuthCookie
upon successful authentication you are adding the authentication cookie to the response. This cookie will be stored on the client browser and will be sent on subsequent requests. So it is only on subsequent requests that the user will be considered as authenticated. So you need to always redirect after calling the SetAuthCookie method. Inside the request that called this method you already know whether the user provided correct credentials so you don't need to check the IsAuthenticated property.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With