Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / Languages / C#
 

Request.IsAuthenticated is Always True After Call FormsAuthentication.Signout()

5.00/5 (4 votes)
29 Jul 2016CPOL 37.4K  
This trick describes how to fix issue.

Introduction

When you work with Forms Authentication, the expected behaviour when you call FormsAuthentication.Signout() is that Http.Current.Request.IsAuthenticated will return false.

You are wrong.

Using the Code

C#
FormsAuthentication.SignOut();

When you check this:

C#
bool isAuthenticated = Request.IsAuthenticated;

the result is always true.

It's not what we expect when signout is performed.

Fix the Issue

To fix it after signout process, you need to assign new user like below:

C#
FormsAuthentication.SignOut();
HttpContext.Current.User =
    new GenericPrincipal(new GenericIdentity(string.Empty), null);

The new GenericPrincipal with GenericIdentity is assigned to user in current context. New identity with empty name and null as authentication type.

Then it works!

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2016 by Pawel Sienko
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-12-08:1