Why does the user have to enter their correct credentials two times?

Caster Troy
public ActionResult Login(CredentialsModel model)
{
    authenticator.Authenticate(model.Username, model.Password);

    if (authenticator.Authenticated)
    {
        return Redirect();
    }
}

...

public class Authenticator : IAuthenticator
{
    public bool Authenticated
    {
        get { return HttpContext.Current.User.Identity.IsAuthenticated; }
    }

    public void Authenticate(string username, string password)
    {
        var authenticated = FormsAuthentication.Authenticate(username, password);
        if (authenticated)
            FormsAuthentication.SetAuthCookie(username, false);
    }

    public void Logout()
    {
        FormsAuthentication.SignOut();
    }
}

When the aforementioned action method supplies some valid credentials to the Authenticate method, the Authenticated property returns false which is clearly wrong.

When the action method supplies some credentials for a second time, the Authenticated property returns true.

I suspect this has something to do with the fact that the context is not updated immediately. I actually managed to resolve this bug by using the immediate return value of FormsAuthentication.Authenticate in the action method, but I want to know why this bug occurs.

Adriano Repetti

Because in the HTTP context sent with the first call, the user is not authenticated (but it will correctly be after that, for subsequent calls). After this line:

var authenticated = FormsAuthentication.Authenticate(username, password);

You may see that authenticated != Authenticated. Why? From MSDN:

[HttpContext] Encapsulates all HTTP-specific information about an individual HTTP request.

It means that it works on the request (your input), not on the response or future state (your output). If you perform SignOut() inside your controller's method, you'll also see that HttpContext.Current.User.Identity.IsAuthenticated is still true.

What you can do is to add a boolean return value for Authenticate():

public bool Authenticate(string username, string password)
{
    var authenticated = FormsAuthentication.Authenticate(username, password);
    if (authenticated)
        FormsAuthentication.SetAuthCookie(username, false);

    return authenticated;
}

Then change the code in the controller to:

if (authenticator.Authenticate(model.Username, model.Password))
{
    return Redirect();
}
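
An added example, not part of the answer above or of the asker's project: a variant of the question's Authenticator that also replaces the principal on the current request, so that the Authenticated property agrees with the cookie written to the response for the rest of that request. It assumes IAuthenticator has been changed to declare a bool-returning Authenticate, as the answer suggests.

```csharp
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example. IAuthenticator is the interface from the question, assumed
// here to declare Authenticated, bool Authenticate(...) and Logout().
public class Authenticator : IAuthenticator
{
    // Reads the principal attached to the *current request*. It was built
    // from the cookies the browser sent, before the action ran, so it does
    // not change by itself when a cookie is added to or removed from the
    // response.
    public bool Authenticated
    {
        get
        {
            var user = HttpContext.Current.User;
            return user != null && user.Identity.IsAuthenticated;
        }
    }

    public bool Authenticate(string username, string password)
    {
        if (!FormsAuthentication.Authenticate(username, password))
            return false;

        // Response side: the browser sends this cookie from the next request on.
        FormsAuthentication.SetAuthCookie(username, false);

        // Request side: replace the anonymous principal so that code running
        // later in this same request also sees the user as signed in.
        HttpContext.Current.User = new GenericPrincipal(
            new GenericIdentity(username, "Forms"), new string[0]);
        return true;
    }

    public void Logout()
    {
        // Response side: expires the forms authentication cookie.
        FormsAuthentication.SignOut();

        // Request side: a GenericIdentity with an empty name reports
        // IsAuthenticated == false, so later checks in this request fail.
        HttpContext.Current.User = new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);
    }
}
```

Resetting the principal in Logout matters for authorization checks that run after SignOut() in the same request, which would otherwise still see the signed-in user.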
