Home/ Questions/Q 8310621
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T19:31:33+00:00

I am having different values of HttpContext object in my global.asax Application_AuthenticateRequest method and

  • 0

I am having different values of HttpContext object in my global.asax Application_AuthenticateRequest method and on the Authorize attribute filterContext’s HttpContext and also the controller Context.

I have set the application to run Single Sign on. Here is my web.config: 

<authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" name="FormsAuth" timeout="2880000"  domain="domain.com" slidingExpiration="true" defaultUrl="~/home/index"/>
    </authentication>

Then on log in, after validating the user, the authentication cookie is set.

FormsAuthentication.SetAuthCookie(userName, true);

Here is the problem now, when the breakpoint is hit on global asax Application_AuthenticateRequest method, the Request.IsAuthenticated is true, but when it hit the Authorize attribute’s OnAuthorize method, its filterContext.HttpContext.Request.IsAuthenticated is false. The page will always be redirected to the log on page even though the user is valid.

Can someone explain why is this so? Or any blog forums explaining the internal working of httpcontext in asp.net mvc. It seems Core ASP.NET httpcontext and MVC httpcontext is having different value in this case.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I just made a test using MVC3 and in both cases the IsAuthenticated property returns true if the user was authenticated correctly:

    Code used:

    Global.asax

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    this.Context.Trace.Warn("From global asax: " + this.Context.Request.IsAuthenticated.ToString());
}

    Custom Authorization filter

    public class CustomAuthorization : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpContext.Current.Trace.Warn("from attribute: " + filterContext.RequestContext.HttpContext.Request.IsAuthenticated.ToString());
        base.OnAuthorization(filterContext);
    }
}

    I hope this helps you to find the problem

    • 0