How to check if user is logged in

Question

I have created a Login page where users must provide username and password to have access to some specific resources, where they can upload images, or just edit some description about themselves. My web.config file looks like this:

    <authentication mode="Forms">
      <forms loginUrl="Secure/Login.aspx" defaultUrl="index.aspx" name=".ASPXFORMSAUTH" timeout="30"/>
    </authentication>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>

<location path="Secure">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

So when the user has typed in the username and pw, he is redirected to the index.aspx page. Depending wether the user is logged in or not, the index.aspx should show or hide some stuff. This is how I check if he is logged in:

bool isLoggedIn = HttpContext.Current.User.Identity.IsAuthenticated;  
    if (isLoggedIn) 
    {
        placeHolder2.Visible = true;
        ...
    }

Now the problem is that the: HttpContext.Current.User.Identity.IsAuthenticated; ALWAYS returns true, so unauthorised people will be seeing the stuff that should be hidden.

I am not sure about the: HttpContext.Current.User.Identity.IsAuthenticated; I just googled "How to check if user is logged in", and suggestions were the: HttpContext.Current.User.Identity.IsAuthenticated;

I want only the people that are logged in to view the private stuff. How do I go about this? How do I make the: HttpContext.Current.User.Identity.IsAuthenticated only return true when the user is logged in? Thanks

duplicate of http://stackoverflow.com/questions/6086529/how-to-check-user-is-logged-in-in-asp-net-c — Avitus, Aug 01 '13 at 23:27
I've seen that thread, but it doesn't help me solve my problem — AomSet, Aug 01 '13 at 23:45
Is HttpContext.Current.User.Identity.IsAuthenticated true for anonymous user too? — Win, Aug 02 '13 at 00:05

score 8 · Answer 1 · edited Jun 16 '15 at 05:29

8

if (Request.IsAuthenticated) {.....}

edit based on some comments Authenticated via "Forms", check here

HttpContext.Current.User.Identity.IsAuthenticated // will be "Forms" if using forms based auth // "Negotiate" is using windows integrated // etc

If using .net 4.5 and you wanted "SET" user claims. The ClaimsPrincipal is recommended reading

edited Jun 16 '15 at 05:29

fbarikzehy

4,885
2
33
39

answered Aug 01 '13 at 23:52

phil soady

11,043
5
50
95

`HttpContext.Current.User.Identity.IsAuthenticated` and `HttpContext.Current.Request.IsAuthenticated` are same. In other words, according to OP, using `Request.IsAuthenticated` won't make different because it will also return true. – Win Aug 01 '13 at 23:59
The: Request.IsAuthenticated gives the desired behavior, but the to above doesn't. Those were the ones that I already tried. And thanks, it works with: Request.IsAuthenticated – AomSet Aug 02 '13 at 00:05
I was wrong, it didnt fix it, still the same problem. So far I found out why it returns true, even if the user has not logged in. The: HttpContext.Current.User.Identity.IsAuthenticated returns the name on my computer (host address/name). Why is that so? I should instead check if the user has logged in with username and password – AomSet Aug 02 '13 at 00:24

score 3 · Answer 2 · answered Aug 02 '13 at 00:25

3

bool isLoggedIn = System.Web.HttpContext.Current.User.Identity.IsAuthenticated

answered Aug 02 '13 at 00:25

Erick Vargas

51
8

score 1 · Answer 3 · edited Aug 26 '14 at 02:05

1

My coding is

bool val1 = (System.Web.HttpContext.Current.User != null) &&
    (System.Web.HttpContext.Current.User.Identity.IsAuthenticated) &&
    (System.Web.HttpContext.Current.User.Identity.AuthenticationType.ToString() == "Forms");

for identifying the users with domain login and logged in form

edited Aug 26 '14 at 02:05

David Gorsline

4,933
12
31
36

answered Aug 26 '14 at 01:43

Marc Zeroc

19
1

How to check if user is logged in

3 Answers3

Linked