I’m using the Facebook C# SDK, and I authenticate the user by their Facebook account. Once I’ve performed all the checks to “authenticate” them, I call FormsAuthentication.SetAuthCookie(email, false);
Does performing that call allow me to have access to User.Identity.IsAuthenticated within my actions? What about if I didn’t make that call?
I have some actions that will return different views based on their authentication status, and want to make sure User.Identity.IsAuthenticated is reliable in an MVC 4 app.
It is the FormsAuthentication HTTP module that is registered and which executes on each request. This module is automatically registered when you specify mode="Forms" in your web.config’s <authentication> tag. It is this same module which intercepts all 401 responses and automatically redirects the user to the LogOn page (which sometimes is not a desired behavior as the end result is HTTP status code of 200).
So to answer your questions:
Not exactly. This call only emits the forms authentication cookie to the response. It is the HTTP module which is responsible for intercepting the request and if this request contains the cookie it will set the User.Identity.
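The request flow described in the answer, as an added example that is not part of the original question or answer: the cookie is issued on one request and User.Identity is populated by the module only on the next one. IFacebookLoginVerifier, the action names and the view names are hypothetical, and the controller assumes a dependency resolver supplies the verifier.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical abstraction over the asker's Facebook checks (not part of any SDK).
public interface IFacebookLoginVerifier
{
    // Returns the verified e-mail address, or null when the checks fail.
    string GetVerifiedEmail(string accessToken);
}

public class AccountController : Controller
{
    private readonly IFacebookLoginVerifier _verifier;

    // Assumption: a dependency resolver is configured to inject the verifier.
    public AccountController(IFacebookLoginVerifier verifier)
    {
        _verifier = verifier;
    }

    [HttpPost]
    public ActionResult FacebookLogin(string accessToken)
    {
        string email = _verifier.GetVerifiedEmail(accessToken);
        if (email == null)
        {
            // Never issue the cookie unless the checks succeeded.
            return View("LoginFailed");
        }

        // Only adds the forms authentication cookie to the response.
        FormsAuthentication.SetAuthCookie(email, false);

        // User.Identity.IsAuthenticated is still false at this point: the
        // module ran at the start of this request, before the cookie existed.
        // Redirect so the browser presents the cookie on a new request.
        return RedirectToAction("Status");
    }

    public ActionResult Status()
    {
        // On this request the module has read the cookie and set User.
        return User.Identity.IsAuthenticated ? View("Member") : View("Guest");
    }
}
```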