I am working on adding login functionality to a site I am building, but after login, the Request.IsAuthenticated property always returns true. I have searched this error and have found the same answers over and over, but those solutions are not working for me.
Code from AccountController::Login action:
if (response.Status == KD.Core.Enumerations.LoginStatus.LoggedIn)
{
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
SessionMgr.GetInstance().SetSessionValue(SessionTypes.UserId, response.UserId);
//Have added logging here to ensure login is successful in prod.
return RedirectToAction("Index", "Home");
}
Code from _Layout view file where I am seeing the problem:
<ul class="profile-nav">
@if (Request.IsAuthenticated)
{
<li class="active"><a href="/Account/Logout" title="Logout">Logout</a></li>
}
else
{
<li class="active"><a href="/Account/Login" title="Login">Login</a></li>
}
</ul>
The 2 previous answers I have found related to the forms authentication configuration in the web.config, but I have tried both and I am still not able to get this to work. The code functions as expected on my development machine (ie...Logout is displayed after logging in). The problem is that once I deploy to my prod web server the login is successful, but the Logout link is not displayed, only Login again. I have verified that the user is being logged in as I have added code to write to a log file from the Login action (right before the RedirectToAction call) so I know it is calling SetAuthCookie, but once it hits the layout code on the subsequent redirect to my home page (Home/Index), the Request.IsAuthenticated does not ever return true so I always get "Login" link again. The 2 things I have tried are the following changes to the web.config for forms auth: 1) adding the "requireSSL="false" 2) adding the domain where "contoso" = the actual domain my prod web server is hosting, but again, neither of these has fixed my issue and I'm running out of ideas.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" requireSSL="false" domain="contoso.com" />
</authentication>
Any help is greatly appreciated.
Well....after 2 months of ripping my hair out I finally figured this out. The web.config at the root application level did not have the "runAllManagedModulesForAllRequests=true" flag. Once I added that attribute, the Request.IsAuthenticated check returned true.
Hope my struggles help someone else in the future.
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"></modules>
</system.webServer>