MSDN Code Sample Description: The following code example uses the IsAuthenticated property to determine whether the current request has been authenticated. If it has not been authenticated, the request is redirected to another page where users can enter their credentials into the Web application. This is a common technique used in the default page for an application.
This is great but no detail or anything…
What exactly is it checking for? How do I set it to true?
Go the extra mile: Where would I find more detailed documentation about this?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Thanks to Google, I found a cached version of the post @keyboardP refers to in his answer. I’m posting that answer/post here as a reference for others since the original link is broken (2012-12-06).
Original question that the answer below refers to:
I have a forms based application that is giving me fits. I noticed that, in
a location where the IsAuthenticated property had been True, it was now
false and the was not working as expected. I am wondering if I have a
setting that is invalid??
Can anyone tell me what sets the IsAuthenticated property to True–what
constitues logging in.
Answer by Daniel Kent:
Request.IsAuthenticated is not just for forms authentciation – it is valid
no matter what type of authentication is being used (Windows, Passport,
Forms or our own custom scheme)
HttpRequest.IsAuthenticated will be true when the user making the request
has been authenticated. Essentially, this property provides the same
information as Context.User.Identity.IsAuthenticated.
At the start of a request, Context.User.Idenity contains a GenericIdentity
with a null username. The IsAuthenticated property for this object will
return false so Request.IsAuthenticated will be false. When an
authentication module handles the Application_AuthenticateRequest event and
successfuly authenticates the user it replaces the GenericIdentity in
Context.User.Identity with a new IIdentity object that will return true from
its IsAuthenticated property. Request.IsAuthenticated will then return true.
In the case of Forms authentication, the forms authentication module uses
the encrypted authentication ticket contained in the authentication cookie
to authenticate the user. Once it has done this, it replaces the
GenericIdentity in Context.User.Identity with a FormsIdentity object that
returns True from its IsAuthenticated property.
So, setting IsAuthenticated to true is actually different to logging in. As
Jeff says, logging in to forms authentication happens when the
authentication ticket is generated and sent to the client as a cookie.
(RedirectFromLoginPage or SetAuthCookie) What we are talking about with
IsAuthenticated is authentication that happens with each page request.
Logging in happens when a user enters their credentials and is issued a
ticket, authentication happens with each request.
Method 2
There’s a quite detailed post by Daniel Kent here. (Snippet)
Request.IsAuthenticated is
not just for forms authentciation – it
is valid no matter what type of
authentication is being used (Windows,
Passport, Forms or our own custom
scheme)HttpRequest.IsAuthenticated will be
true when the user making the request
has been authenticated. Essentially,
this property provides the same
information as
Context.User.Identity.IsAuthenticated.
Method 3
Decompiling HttpRequest IsAuthenticated, it looks like this
public bool IsAuthenticated {
get {
return(_context.User != null
&& _context.User.Identity != null
&& _context.User.Identity.IsAuthenticated);
}
}
line 1373
https://referencesource.microsoft.com/#system.web/HttpRequest.cs
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0