31

I need to get the UserId Guid directly after a successful login. The following code doesn't work:

if (Membership.ValidateUser(txtUsername.Value, txtPassword.Value))
{
    FormsAuthentication.SignOut();
    FormsAuthentication.SetAuthCookie(txtUsername.Value, true);

    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        // doesn't run
        Guid puk = (Guid)Membership.GetUser().ProviderUserKey;            
    }
}

The following code does work:

if (Membership.ValidateUser(txtUsername.Value, txtPassword.Value))
{
    FormsAuthentication.SignOut();
    FormsAuthentication.SetAuthCookie(txtUsername.Value, true);

    MembershipUser user = Membership.GetUser(txtUsername.Value);

    if (user != null)
    {
        Guid puk = (Guid)user.ProviderUserKey;
    }
}

Why does this happen? Is there something more to do besides SetAuthCookie?

user982119

4 Answers

24

I had the same problem too. I forgot to set the web.config configuration.

Maybe you missed it too.

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/user/login" timeout="1000" name="__Auth" />
  </authentication>
</system.web>
cihancoskun
17

Because when you call FormsAuthentication.SetAuthCookie(txtUsername.Value, true); you store the key in the client's cookies. For this you need to send a response to the user. And for HttpContext.Current.User.Identity to be filled from the cookie, you need one more request.

In short your scheme looks like this:

  1. Client sends his UserName and Password.

  2. Server gets and checks it. If they are valid the server sends Set-Cookie header to the client.

  3. Client receives and stores it. For each request client sends cookies back to the server.

UPDATE for @Jake

Adding an example of setting User in HttpContext:

// Requires: using System.Security.Principal; using System.Threading; using System.Web;
var identity = new GenericIdentity(user.UserName);
var principal = new GenericPrincipal(identity, new string[0]);
// Make the principal visible to the rest of the current request
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;

Note that you could create your custom principal class inheriting from GenericPrincipal or ClaimsPrincipal.

Oleksii Aza
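The round trip described in the answer above, as an added example that is not code from any of the posts: the login request obtains the Guid by user name, and the ticket it issues carries the Guid so that later requests can read it from the rebuilt identity. This goes one step beyond the answers by building the ticket by hand and storing the key in its UserData. The names LoginHelper, TrySignIn and GetSignedInUserId are hypothetical, and the code assumes .NET 4 or later and a membership provider whose ProviderUserKey is a Guid.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper for illustration; not part of ASP.NET or of the posts above.
public static class LoginHelper
{
    // Validates the credentials, returns the user's Guid in the same request,
    // and issues a forms-auth ticket that carries the Guid in UserData.
    public static bool TrySignIn(HttpContext ctx, string username, string password,
                                 bool persistent, out Guid userId)
    {
        userId = Guid.Empty;
        if (!Membership.ValidateUser(username, password))
            return false;
        // ctx.User is still the anonymous principal at this point, so the
        // parameterless Membership.GetUser() cannot resolve the account.
        MembershipUser user = Membership.GetUser(username);
        if (user == null || !(user.ProviderUserKey is Guid))
            return false;
        userId = (Guid)user.ProviderUserKey;
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, user.UserName, now, now.Add(FormsAuthentication.Timeout),
            persistent, userId.ToString("N"), FormsAuthentication.FormsCookiePath);
        // Encrypt() protects the ticket with the application's machineKey. The cookie
        // is only queued as a Set-Cookie header; the browser returns it next request.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="...">
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        ctx.Response.Cookies.Add(cookie);
        return true;
    }

    // On later requests FormsAuthenticationModule has rebuilt the identity
    // from the cookie, so the Guid can be read without a database lookup.
    public static Guid? GetSignedInUserId(HttpContext ctx)
    {
        var identity = ctx.User == null ? null : ctx.User.Identity as FormsIdentity;
        Guid id;
        if (identity == null || !identity.IsAuthenticated) return null;
        return Guid.TryParseExact(identity.Ticket.UserData, "N", out id) ? id : (Guid?)null;
    }
}
```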
4

In my development environment, the requireSSL property was set to true; I fixed the problem by changing it to requireSSL = false.


doganak
3

I tried all the above solutions, but the thing that solved my problem was commenting this out in web.config:

<modules>
  <remove name="FormsAuthentication"/>
</modules>
Musab
  • This would remove forms authentication altogether, so of course that would let the user go by. – killa-byte Oct 01 '18 at 19:17
  • This didn't remove forms authentication but I'm not sure what it's doing. The true/false is now working with that module removed;... odd? – Zonus Oct 25 '18 at 13:55