Request.IsAuthenticated
Original question that the answer below refers to:
I have a forms based application that is giving me fits. I noticed that, in a location where the IsAuthenticated property had been True, it was now false and the was not working as expected. I am wondering if I have a setting that is invalid??
Can anyone tell me what sets the IsAuthenticated property to True--what constitues logging in.
Answer by Daniel Kent:
Request.IsAuthenticated
is not just for forms authentciation - it is valid no matter what type of authentication is being used (Windows, Passport, Forms or our own custom scheme)
HttpRequest.IsAuthenticated
will be true when the user making the request has been authenticated. Essentially, this property provides the same information asContext.User.Identity.IsAuthenticated
.
At the start of a request, Context.User.Idenity
contains a GenericIdentity
with a null username. The IsAuthenticated
property for this object will return false
soRequest.IsAuthenticated
will be false
. When an authentication module handles theApplication_AuthenticateRequest
event and successfuly authenticates the user it replaces theGenericIdentity
in Context.User.Identity
with a new IIdentity
object that will returntrue
from its IsAuthenticated
property. Request.IsAuthenticated
will then return true
.
In the case of Forms authentication, the forms authentication module uses the encrypted authentication ticket contained in the authentication cookie to authenticate the user. Once it has done this, it replaces the GenericIdentity
in Context.User.Identity
with a FormsIdentity
object that returnsTrue
from its IsAuthenticated
property.
So, setting IsAuthenticated
to true
is actually different to logging in. As Jeff says, logging in to forms authentication happens when the authentication ticket is generated and sent to the client as a cookie. (RedirectFromLoginPage
or SetAuthCookie
) What we are talking about withIsAuthenticated
is authentication that happens with each page request. Logging in happens when a user enters their credentials and is issued a ticket, authentication happens with each request.
使用Request.IsAuthenticated时,一般要设置认证模式为:Passport或Forms,否则认证会得不到期望的结果。