public ActionResult Login(CredentialsModel model)
{
authenticator.Authenticate(model.Username, model.Password);
if (authenticator.Authenticated)
{
return Redirect();
}
}
...
public class Authenticator : IAuthenticator
{
public bool Authenticated
{
get { return HttpContext.Current.User.Identity.IsAuthenticated; }
}
public void Authenticate(string username, string password)
{
var authenticated = FormsAuthentication.Authenticate(username, password);
if (authenticated)
FormsAuthentication.SetAuthCookie(username, false);
}
public void Logout()
{
FormsAuthentication.SignOut();
}
}
When the aforementioned action method supplies some valid credentials to the Authenticate
method, the Authenticated
property returns false which is clearly wrong.
When the action method supplies some credentials for a second time, the Authenticated
property returns true.
I suspect this has something to with the fact that context is not updated immediately. I actually managed to resolve this bug by using the immediate return value of FormsAuthentication.Authenticate
in the action method but I want to know why this bug occurs.
Because in the HTTP context sent with/of first call user is not authenticated (but it'll correctly be after that, for subsequent calls). After this line:
var authenticated = FormsAuthentication.Authenticate(username, password);
You may see that authenticated != Authenticated
. Why? From MSDN:
[HttpContext] Encapsulates all HTTP-specific information about an individual HTTP request.
It means that it works on request (your input) not on response or future state (your output). If you perform SignOut()
inside your controller's method you'll also see that HttpContext.Current.User.Identity.IsAuthenticated
is still true
.
What you can do is to add a boolean return value for Authenticate()
:
public bool Authenticate(string username, string password)
{
var authenticated = FormsAuthentication.Authenticate(username, password);
if (authenticated)
FormsAuthentication.SetAuthCookie(username, false);
return authenticated:
}
Changing then code in controller to:
if (authenticator.Authenticate(model.Username, model.Password))
{
return Redirect();
}
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments