Original question that the answer below refers to:
I have a forms based application that is giving me fits. I noticed that, in a location where the IsAuthenticated property had been True, it was now false and the was not working as expected. I am wondering if I have a setting that is invalid??
Can anyone tell me what sets the IsAuthenticated property to True--what constitues logging in.
Answer by Daniel Kent:
Request.IsAuthenticated is not just for forms authentciation - it is valid no matter what type of authentication is being used (Windows, Passport, Forms or our own custom scheme)
HttpRequest.IsAuthenticated will be true when the user making the request has been authenticated. Essentially, this property provides the same information asContext.User.Identity.IsAuthenticated.
At the start of a request, Context.User.Idenity contains a GenericIdentity with a null username. The IsAuthenticated property for this object will return false soRequest.IsAuthenticated will be false. When an authentication module handles theApplication_AuthenticateRequest event and successfuly authenticates the user it replaces theGenericIdentity in Context.User.Identity with a new IIdentity object that will returntrue from its IsAuthenticated property. Request.IsAuthenticated will then return true.
In the case of Forms authentication, the forms authentication module uses the encrypted authentication ticket contained in the authentication cookie to authenticate the user. Once it has done this, it replaces the GenericIdentity in Context.User.Identity with a FormsIdentity object that returnsTrue from its IsAuthenticated property.
So, setting IsAuthenticated to true is actually different to logging in. As Jeff says, logging in to forms authentication happens when the authentication ticket is generated and sent to the client as a cookie. (RedirectFromLoginPage or SetAuthCookie) What we are talking about withIsAuthenticated is authentication that happens with each page request. Logging in happens when a user enters their credentials and is issued a ticket, authentication happens with each request.
使用Request.IsAuthenticated时,一般要设置认证模式为:Passport或Forms,否则认证会得不到期望的结果。