Request.IsAuthenticated Return False all the time

Asked 12/11, 2013 at 15:39 Answered 10/3, 2015 at 11:54

Solved asp.net-mvc-3 asp.net-mvc-4 telerik-mvc

I am having an issue with my Request.IsAuthenticated always return false. I am setting the AuthCookie

 CurrentRequest currentRequest = null;

            if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
            {
                return Redirect(returnUrl);
            } else if (login.ValidateUser(acct.UserName, acct.Password))
            {
FormsAuthentication.SetAuthCookie(acct.UserName, true); //Edit on 11/12 @11:08
                currentRequest = new CurrentRequest();
                SessionWrapper.currentRequest = currentRequest;
                return RedirectToAction("About", "Home");
            }

//This is a partial login page that is supposed to display login or Logoff.

@using KMSS.Helper;

// this is always false

    @if (Request.IsAuthenticated) //Same issue with User.Identity.IsAuthenticated
    {
        if (SessionWrapper.currentRequest != null)
        {
            <text> Welcome <strong> @SessionWrapper.currentRequest.Username </strong>
                [@Html.ActionLink("Sign Off", "Logoff", "Account")]
            </text>
        } else {
           @: [ @Html.ActionLink("Sign In", "Login", "Account") ]
        }
    } else
    {

       @:[ @Html.ActionLink("Sign In", "Login", "Account") ]
  }

After reading online, I created a class with a bool value and tries to use that class instead. However, I am getting the object is not set to instance of a new variable exception. Here is how I had it set up: //Partial Login page

@model KMSS.Helper.ViewModelAuthenticate;

// this is always false

    @if (Model.IsAuthenticated) 
//The model is null even though I create create a reference in the Login Method i.e.     
(ViewModelAuthenticate auth = new ViewModelAuthenticate();
    {
        if (SessionWrapper.currentRequest != null)
        {
            <text> Welcome <strong> @SessionWrapper.currentRequest.Username </strong>
                [@Html.ActionLink("Sign Off", "Logoff", "Account")]
            </text>
        } else {
           @: [ @Html.ActionLink("Sign In", "Login", "Account") ]
        }
    } else
    {

       @:[ @Html.ActionLink("Sign In", "Login", "Account") ]
  }

//Here is the class public class ViewModelAuthenticate { public bool IsAuthenticate { get; set; } }

//Here is where I am initializing the class in the controller

 public ActionResult Login()
        {
           ViewModelAuthenticate auth = new ViewModelAuthenticate();
            auth.IsAuthenticate = false;
            return View();
        }

//I tried this inside and outside of Login, and it is called before the partial login view. However, I am still getting the object is not set to instance of a new variable exception. What am I doing wrong here? Your help will be appreciated.

//Showing the authentication section of the config file.

 <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" slidingExpiration="true" />
    </authentication>

Lehmann answered 12/11, 2013 at 15:39 Comment(4)

Not an answer, but are you really setting the auth cookie before you validate the login? – Jeepers 12/11, 2013 at 15:51

@Tommy, Thanks. I was moving and trying things, and I forget to move it back in. – Lehmann 12/11, 2013 at 16:7

have you checked that the authentication element of your web.config is correct ? Could you post it ? – Receiptor 12/11, 2013 at 16:28

@jbl, I edited the question and add the authentication section of my web.config file. – Lehmann 12/11, 2013 at 16:43

I replaced my authentication section with this sample that a sample that I found here. It is working now.

Lehmann answered 12/11, 2013 at 17:49 Comment(3)

I ever had the same problem, but I think you must set FormsAuthentication.SetAuthCookie(acct.UserName, true); after validating user and make sure you set <authentication mode="Forms"> in web.config – Communication 6/4, 2014 at 6:52

Scratching my head for 2 hours, trying to figure out what was wrong. Only to find I hadn't set <authentication mode="Forms"> in web.config. – Hypoblast 14/4, 2014 at 3:27

Just to clarify further, this is added into the web.config file of the solution, not the views folder. You can add it like <authentication mode="Forms"><forms loginUrl="~/UserAdmin/LogIn" timeout="2880" /></authentication> within the <system.web> tag. – Cambium 19/8, 2014 at 9:30

Looking at your code, I feel that there is more going on here than you are showing us. Specifically, the variables CurrentRequest and SessionWrapper, setting them to null on the beginning of the Action method call, etc. I would suggest trying a basic, bare bones example in your project and then begin to add items back in as needed. No AJAX, only full page post back to the server from your login form. Such an example would look like:

Login View Model

public class LoginViewModel{
   [Required]
   public string UserName {get;set;}

   [Required]
   public string Password {get;set;}
}

Login POST Action method

[HttpPost]
public ActionResult Login(LoginViewModel model, string returnUrl){
   if(!ModelState.IsValid){
       return View();
   }
   if(!provider.ValidateUser(model.UserName, model.Password){
       ModelState.AddModelError("", "The username/password combination does not match");
       return View();
   }
   FormAuthentication.SetAuthCookie(model.UserName, true);
   if(!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl){
       return Redirect(returnUrl);
   }
   return RedirectToAction("About", "Home");
}

About View

@if(Request.IsAuthenticated){
   <b>It WORKS!!</b>
}else{
   <b>Nope, still not working</b>
}

Jeepers answered 12/11, 2013 at 16:20 Comment(3)

I have an object of type CurrentRequest that I wrapped in a session wrapper. When users submit requests, they want to see some of their requests' information carry out from page to page. I used the session wrapper to carry that information throughout the pages. I have a class KMSSAccountLogin that inherits System.Web.Security.MembershipProvider which I am using to validate the user. I copy and paste your code and made some changes so I can validate the user. I ran the application,and the message is always: Nope, still not working. – Lehmann 12/11, 2013 at 16:37

Does your browser settings allow cookies? If you inspect the request (after you have logged in), do you see a .ASPXAUTH cookie being included with the request? Is this on localhost or a deployed server? – Jeepers 12/11, 2013 at 16:41

Yes, there is an .ASPXAUTH in the request. – Lehmann 12/11, 2013 at 16:42

I was testing and I set my time back a few days. For someone reason it caused this issue after putting the date back it was fine. I assume windows forms had the old date (which was todays date) cached so I assume it was expired. Just a thought about the matter.

Bridgework answered 10/3, 2015 at 11:54 Comment(0)

Recommended topics

Hot tags