CODEWITHSUNDEEP
c#asp.netasp.net-mvc-5
user6889331
user6889331

Reputation:

IsAuthenticated is false

I'm trying to add a Logout button on my navbar as soon as I log in, but for some reasons Request.IsAuthenticated keeps being false, I don't understand why. I use UserAuthenticationFilter to block visiting on other pages unless you log on, but I doubt it's related.

A small snippet of my Logout method from User controller

{
    public class UserController : Controller
    {
        [UserAuthenticationFilter]
        [HttpGet]
        public ActionResult Management()
        {
            using (CarsDBEntities db = new CarsDBEntities())
            {
                return View(db.Users.ToList());
            }
        }
        [UserAuthenticationFilter]
        public ActionResult Register()
        {
            return View();
        }
        [UserAuthenticationFilter]
        [HttpPost]
        public ActionResult Register(User user)
        {
            if (ModelState.IsValid)
            {
                using (CarsDBEntities db = new CarsDBEntities())
                {
                    db.Users.Add(user);
                    db.SaveChanges();
                }
                ModelState.Clear();
                ViewBag.Message = user.FirstName + " " + user.LastName + " successfully registered.";
            }
            return View();
        }

        public ActionResult Login()
        {
            return View();
        }

        [HttpPost]
        public ActionResult Login(User user)
        {
            using (CarsDBEntities db = new CarsDBEntities())
            {
                var usr = db.Users.SingleOrDefault(u => u.Email == user.Email && u.Password == user.Password);
                if (usr != null)
                {
                    Session["UserId"] = usr.UserId.ToString();
                    Session["Email"] = usr.Email.ToString();
                    Session["FirstName"] = usr.FirstName.ToString();
                    Session["LastName"] = usr.LastName.ToString();
                    return RedirectToAction("LoggedIn");
                }
                else
                {
                    ModelState.AddModelError("", "Email or Password is incorrect!");
                }
                return View();
            }
        }
        [UserAuthenticationFilter]
        public ActionResult LoggedIn()
        {
            if (Session["UserId"] != null)
            {
                return RedirectToAction("Management");
            }
            else
            {
                return RedirectToAction("Login");
            }
        }
        [ValidateAntiForgeryToken]
        [HttpPost]
        [Authorize]
        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            Session.Abandon();
            return RedirectToAction("Login", "User");
        }
    }
}

_LoginPartial.cshtml

@using Microsoft.AspNet.Identity
@if (Request.IsAuthenticated)
{
        using (Html.BeginForm("Logout", "User", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
        {
        @Html.AntiForgeryToken()

            <ul class="nav navbar-nav navbar-right">
                <li>@Html.ActionLink(User.Identity.GetUserName(), "User", "Management")</li>
                <li>@Html.ActionLink("Log out", "Logout", "User")</li>
                <li><a href="javascript:document.getElementById('logoutForm').submit">Log off</a></li>
            </ul>
        }
    }
    else
    {
        <ul class="nav navbar-nav navbar-right">
            <li>@Html.ActionLink("Log in", "Login", "User")</li>
        </ul>

    }
}

It should be Log out instead of Log in on this navbar once I'm logged in. enter image description here

Upvotes: 0

Views: 119

Answers (1)

rjs123431
rjs123431

Reputation: 688

You need to tell the FormsAuthentication that the user has logged in.

public ActionResult Login(User user)
    {
        using (CarsDBEntities db = new CarsDBEntities())
        {
            var usr = db.Users.FirstOrDefault(u => u.Email == user.Email && u.Password == user.Password);
            if (usr != null)
            {
                FormsAuthentication.SetAuthCookie(usr.Email, false);  // add this
                Session["UserId"] = usr.UserId.ToString();
                Session["Email"] = usr.Email.ToString();
                Session["FirstName"] = usr.FirstName.ToString();
                Session["LastName"] = usr.LastName.ToString();
                return RedirectToAction("LoggedIn");
            }
            else
            {
                ModelState.AddModelError("", "Email or Password is incorrect!");
            }
            return View();
        }
    }

Also, please use FirstOrDefault over SingleOrDefault

Upvotes: 1

Related Questions