How does Request.IsAuthenticated work?
MSDN Code Sample Description: The following code example uses the IsAuthenticated property to determine whether the current request has been authenticated. If it has not been authenticated, the request is redirected to another page where users can enter their credentials into the Web application. This is a common technique used in the default page for an application.
This is great but no detail or anything...
What exactly is it checking for? How do I set it to true?
Go the extra mile: Where would I find more detailed documentation about this?
Solution 1:
Thanks to Google, I found a cached version of the post @keyboardP refers to in his answer. I'm posting that answer/post here as a reference for others since the original link is broken (2012-12-06).
Original question that the answer below refers to:
I have a forms based application that is giving me fits. I noticed that, in a location where the IsAuthenticated property had been True, it was now false and the was not working as expected. I am wondering if I have a setting that is invalid??
Can anyone tell me what sets the IsAuthenticated property to True--what constitues logging in.
Answer by Daniel Kent:
Request.IsAuthenticated
is not just for forms authentciation - it is valid
no matter what type of authentication is being used (Windows, Passport,
Forms or our own custom scheme)
HttpRequest.IsAuthenticated
will be true when the user making the request
has been authenticated. Essentially, this property provides the same
information as Context.User.Identity.IsAuthenticated
.
At the start of a request, Context.User.Idenity
contains a GenericIdentity
with a null username. The IsAuthenticated
property for this object will
return false
so Request.IsAuthenticated
will be false
. When an
authentication module handles the Application_AuthenticateRequest
event and
successfuly authenticates the user it replaces the GenericIdentity
in
Context.User.Identity
with a new IIdentity
object that will return true
from
its IsAuthenticated
property. Request.IsAuthenticated
will then return true
.
In the case of Forms authentication, the forms authentication module uses
the encrypted authentication ticket contained in the authentication cookie
to authenticate the user. Once it has done this, it replaces the
GenericIdentity
in Context.User.Identity
with a FormsIdentity
object that
returns True
from its IsAuthenticated
property.
So, setting IsAuthenticated
to true
is actually different to logging in. As
Jeff says, logging in to forms authentication happens when the
authentication ticket is generated and sent to the client as a cookie.
(RedirectFromLoginPage
or SetAuthCookie
) What we are talking about with
IsAuthenticated
is authentication that happens with each page request.
Logging in happens when a user enters their credentials and is issued a
ticket, authentication happens with each request.
Solution 2:
There's a quite detailed post by Daniel Kent here. (Snippet)
Request.IsAuthenticated is not just for forms authentciation - it is valid no matter what type of authentication is being used (Windows, Passport, Forms or our own custom scheme)
HttpRequest.IsAuthenticated will be true when the user making the request has been authenticated. Essentially, this property provides the same information as Context.User.Identity.IsAuthenticated.