Why is system.web.httpcontext.current.user.identity.isauthenticated always false?

David Anderson 206 Reputation points
2021-09-06T12:08:43.327+00:00

A Google search reveals that many other people have struggled to understand why system.web.httpcontext.current.user.identity.isauthenticated is False when a user is already logged in. However, there is a very wide range of answers, from trivial Web.config changes to the creation of a large amount of extra coding.

The easy answers don't work for me and the complex answers are over my head. Many of the solutions are also irrelevant, as I use Web Forms, not MVC.

I only installed ASP.NET Identity to my Web Application about a week ago and most of my authentication code still uses the standard template provided by Microsoft. I'm not using social media sign in or two-factor authentication.

Registration and Login are both working fine. I have also successfully used the NuGet Package Manager Console to add new columns to the AspNetUsers table (RegistrationDate & LastLoginDate), but the code I added to Login.aspx.vb to store a value for LastLoginDate is not working. This code depends on being able to confirm that the user has logged in.

As system.web.httpcontext.current.user.identity.isauthenticated always returns False, my added code is never executed.

Any help would be much appreciated.

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,251 questions
VB
VB
An object-oriented programming language developed by Microsoft that is implemented on the .NET Framework. Previously known as Visual Basic .NET.
2,568 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AgaveJoe 26,191 Reputation points
    2021-09-06T13:39:30.95+00:00

    The community needs a code sample and the steps to reproduce the issue. The Individual Account template uses an authentication cookie created in the Login.aspx page. 

    Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout := False)

    Place a break point in Login.aspx.vb and check the value of result in the line of code above. Also, your other thread(s) indicate you've changed the template to login with a username rather than an email address. Have you verified the username you are using matches a username in the table?

    As system.web.httpcontext.current.user.identity.isauthenticated always returns False, my added code is never executed.

    Lastly, if you are checking User.Identity.IsAuthenticated in the login.aspx code behind then false is correct because the current request is not authenticated. The login.aspx logic adds an authentication cookie to the HTTP response. The next request will authentication because the cookie will be sent by the browser.

    A little light troubleshooting should help you find the bug.

  2. David Anderson 206 Reputation points
    2021-09-06T16:20:32.957+00:00

    I had placed my code just before the IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response) statement in Login.aspx.vb, so that my code would be executed before the user was redirected to another page.

    I tried moving my code after that statement and the results were as I expected. Debugging showed that my code never got a chance to be executed.

    I'm still confused....

  3. KAMEL MANSOURI 1 Reputation point
    2021-11-19T01:41:15.427+00:00

    check this 

                   bool result = HttpContext.User.Identity.IsAuthenticated; // false
                List<Claim> claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, model.PhoneNumber)
                };                 
                var claim = new Claim(model.PhoneNumber,model.Password);
                var identity = new ClaimsIdentity(new[] { claim }, "BasicAuthentication"); // this uses basic auth
                var principal = new ClaimsPrincipal(identity);
                HttpContext.User = principal;

    bool result = HttpContext.User.Identity.IsAuthenticated; // true