Home/ Questions/Q 8952863
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T13:58:03+00:00

I have the following methods responsible for login authentication: [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public ActionResult

  • 0

I have the following methods responsible for login authentication:

 [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            //if (Membership.ValidateUser(loginModel.UserName, loginModel.Password))
            var session = RMWebClientBL.Sessions.Login(loginModel.UserName, loginModel.Password);
            if(session != null && !session.IsFailed && session.SessionId != Guid.Empty)
            {
                SetAuthCookie(loginModel, session);
                RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View();
    }

    private void SetAuthCookie(LoginModel loginModel, DomainObjects.Sessions.SessionDetails session)
    {
        // create encryption cookie         
        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
                loginModel.UserName,
                DateTime.Now,
                //TODO: make it configurable!!!!
                DateTime.Now.AddMinutes(20),
                loginModel.RememberMe,
                session.SessionId.ToString());

        // add cookie to response stream         
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
        System.Web.HttpCookie authCookie = new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        if (authTicket.IsPersistent)
        {
            authCookie.Expires = authTicket.Expiration;
        }
        System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);  
    }

    private ActionResult RedirectToLocal(string returnUrl)
    {
        if (Url.IsLocalUrl(returnUrl))
        {

           return Redirect(returnUrl);
        }
        else
        {
            return RedirectToAction("Index", "Home");
        }
    }

However when i am trying to login “User.Identity.IsAuthenticated” is still false after setting the cookie, BUT it seems that i am logged in because if i am clikcing on our logo which redirects me to the Homepage i am authenticated.
why i am not being able to redirect after logging in?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Found the solution it was a silly thing after all:
    the problem was on the following method:

      public ActionResult Login(LoginModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            //if (Membership.ValidateUser(loginModel.UserName, loginModel.Password))
            var session = RMWebClientBL.Sessions.Login(loginModel.UserName, loginModel.Password);
            if(session != null && !session.IsFailed && session.SessionId != Guid.Empty)
            {
                SetAuthCookie(loginModel, session);
                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View();
    }

    as you can see i’ve added “return” to

    return RedirectToLocal(returnUrl);

    the problem was that the “return” keyword missing so i always got to the last row which is :

    return View();

    thats way i was always getting back to my login page while not addressing the right page.

    • 0