Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Who sets the IsAuthenticated property of the HttpContext.User.Identity

This code is from the asp.net mvc RTM source code

Who sets the IsAuthenticated property of the HttpContext.User.Identity ?

   protected virtual bool AuthorizeCore(HttpContextBase httpContext) {         if (httpContext == null) {             throw new ArgumentNullException("httpContext");         }          IPrincipal user = httpContext.User;         if (!user.Identity.IsAuthenticated) {             return false;         }     } 

Is the IsAuthenticated property set by calling the method (asp.net mvc 4.0 sample project):

FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); 

When I debug the code of the LogOn method of the asp.net mvc 4.0 sample project after the above FormsAuth... method call. The execution of

User.Identity.IsAuthenticated 

is still returning FALSE. Only when I debug the LogOff method the

User.Identity.IsAuthenticated 

says TRUE. So who is setting this property to TRUE and WHEN ?

UPDATE:

This is about FORMS authentication!

I did now debug the LogOn method of the asp.net mvc sample project and after the LogOn action is returned my AuthorizeCore method I have overridden is called and then the IsAuthenticated property is TRUE!

Does setting of TRUE depend maybe of the ModelState.Value.Error collections ?

If count == 0 in the error collections the IsAuthenticated is TRUE else the IsAuthenticated is FALSE

Can you confirm that?

like image 982
Elisabeth Avatar asked Dec 28 '11 19:12

Elisabeth


People also ask

How is HttpContext current user identity Name set?

It just holds the username of the user that is currently logged in. After login successful authentication, the username is automatically stored by login authentication system to "HttpContext.Current.User.Identity.Name" property.

How do you set HttpContext user identity for an application manually?

You can achieve this by manually settings HttpContext. User: var identity = new ClaimsIdentity("Custom"); HttpContext. User = new ClaimsPrincipal(identity);

How do I find HttpContext current user identity Name?

Web namespace (which contains the HttpContext class), you can reference the members of HttpContext on an . aspx page without using the fully qualified class reference to HttpContext. For example, you can use User.Identity.Name to get the name of the user on whose behalf the current process is running.

Why is user identity IsAuthenticated false?

isauthenticated is False when a user is already logged in. However, there is a very wide range of answers, from trivial Web.


1 Answers

This property is set by the forms authentication module by reading and parsing the forms authentication cookie from the request. I've put request in bold because I suspect that's the reason why you are observing this behavior. Let me explain. When you call FormsAuthentication.SetAuthCookie upon successful authentication you are adding the authentication cookie to the response. This cookie will be stored on the client browser and will be sent on subsequent requests. So it is only on subsequent requests that the user will be considered as authenticated. So you need to always redirect after calling the SetAuthCookie method. Inside the request that called this method you already know whether the user provided correct credentials so you don't need to check the IsAuthenticated property.

like image 147
Darin Dimitrov Avatar answered Sep 28 '22 06:09

Darin Dimitrov