I get my User.Identity.IsAuthenticated as false. I think this is causing my second problem: I cannot access controllers with the [Authorize] decorator.
My code goes:

My MembershipProvider inheritance, with the implementation on ValidateUser:

    public override bool ValidateUser(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        // FirstOrDefault returns null for an unknown user; First would throw instead.
        var user = DBManager.Context.Usuarios.FirstOrDefault(x => x.Nombre == username);
        if (user == null)
            return false;

        // Compares the stored value with the supplied password as-is.
        if (user.Pass != password)
            return false;

        return true;
    }
My Web.Config authentication part:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="20" slidingExpiration="true" />
    </authentication>
    <membership defaultProvider="Membership">
      <providers>
        <clear />
        <add name="Membership"
             type="SGKS.Security.Membership" />
      </providers>
    </membership>
My Controller:

    [HttpGet]
    [AllowAnonymous]
    public ActionResult Login()
    {
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Index", "Facutra");
        }
        return View();
    }

    [HttpPost]
    [AllowAnonymous]
    public ActionResult Login(Login model)
    {
        if (ModelState.IsValid)
        {
            if (System.Web.Security.Membership.ValidateUser(model.Nombre, model.Pass))
            {
                FormsAuthentication.SetAuthCookie(model.Nombre, model.Recordarme);
            }
            ViewBag.Error = "Usuario y/o contraseña incorrectos.";
        }
        return View(model);
    }
I found the answer here:
When you call FormsAuthentication.SetAuthCookie upon successful authentication you are adding the authentication cookie to the response. This cookie will be stored on the client browser and will be sent on subsequent requests. So it is only on subsequent requests that the user will be considered as authenticated. So you need to always redirect after calling the SetAuthCookie method.

In other words, you need to add RedirectToAction immediately after calling FormsAuthentication.SetAuthCookie.
    [HttpPost]
    [AllowAnonymous]
    // The ASP.NET framework automatically puts a returnUrl query string parameter of the original
    // page the user requested. You just need to add that parameter here to gain access to it
    // (assuming you want to redirect the user back to the original requested page rather than
    // some start page).
    public ActionResult Login(Login model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            if (System.Web.Security.Membership.ValidateUser(model.Nombre, model.Pass))
            {
                FormsAuthentication.SetAuthCookie(model.Nombre, model.Recordarme);
                // Redirect so the next request can see the user as authenticated
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            ViewBag.Error = "Usuario y/o contraseña incorrectos.";
        }
        return View(model);
    }
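
An added example, not part of the original answer: the returnUrl validation from the code above as a stand-alone C# console program, run over constructed sample values to show which ones are followed and which fall back to a start page. IsSafeReturnUrl, ResolveRedirect and the /Home/Index fallback path are hypothetical names; the check leaves out Url.IsLocalUrl (which needs System.Web.Mvc) and adds one rule beyond the answer, rejecting control characters.

```csharp
using System;
using System.Linq;

// Added example: stand-alone version of the returnUrl check, no System.Web needed.
static class ReturnUrlCheck
{
    // Hypothetical helper (not an ASP.NET API): true only for a path on this site.
    public static bool IsSafeReturnUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url.Length < 2) return false; // null, "", "/"
        if (url[0] != '/') return false;                    // absolute URLs, "~/", relative paths
        if (url[1] == '/' || url[1] == '\\') return false;  // "//host" and "/\host" leave the site
        if (url.Any(char.IsControl)) return false;          // extra rule: no control characters
        return true;
    }

    // Fall back to a fixed start page (assumed route) when the value is not safe to follow.
    public static string ResolveRedirect(string returnUrl, string fallback = "/Home/Index")
    {
        return IsSafeReturnUrl(returnUrl) ? returnUrl : fallback;
    }

    static void Main()
    {
        // Constructed sample values for the returnUrl query-string parameter.
        string[] samples =
        {
            "/Factura/Index",
            "/Account/Manage?tab=2",
            null,
            "/",
            "~/Home",
            "Home/Index",
            "https://other.example/login",
            "//other.example/login",
            "/\\other.example/login",
            "/\t/other.example/login",
        };

        foreach (var s in samples)
        {
            // Only the first two samples are echoed back; the rest resolve to the fallback.
            Console.WriteLine("{0,-32} -> {1}", s ?? "(null)", ResolveRedirect(s));
        }
    }
}
```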