31

Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action.

Eg

if(userIsAuthorized) {
    //do stuff
}
else {
    //return to login page
}

I believe I am using 'Forms Authentication'

This question is kind of similar to this but none of the answers given seemed to work.

EDIT: I have done some more digging. It seems that if I breakpoint on an Action that has [Authorize], the User.Identity is set, but on Actions without it, the User.Identity is empty, even if I am logged in.

1
  • I have fixed my issue by using a hack-ish workaround, I am going to assume your answers are all correct and it is due to my strange implementation of authentication that things are strange... Commented Feb 5, 2010 at 3:46

5 Answers 5

59

If you just want to know if the user is logged in:

if (User.Identity.IsAuthenticated) { ... }

If you are trying to do anything role-specific:

if (User.IsInRole("Administrators")) { ... }

The User instance is a public property of the Controller class, so you always have access to it from a Controller you write. If no user is logged in you should have a GenericPrincipal for the User and a GenericIdentity for the User.Identity, so don't worry about checking for nulls.


5 Comments

Again, only gives me 'true' if used within an [Authorize]'d Action
@elwyn: I don't believe that's correct. I just tested it here on an action without the [Authorize] attribute and User.Identity.IsAuthenticated is true. Are you sure that the session is actually logged in when you are testing this?
@Aaronaught Yes, just double (triple) checked, definitely logged in while trying that, and still see false
-----In my non-[Authorize]'d Action: User.Identity {System.Security.Principal.GenericIdentity} [System.Security.Principal.GenericIdentity]: {System.Security.Principal.GenericIdentity} AuthenticationType: "" IsAuthenticated: false Name: "" -----In an Authorized one: User.Identity {System.Web.Security.FormsIdentity} [System.Web.Security.FormsIdentity]: {System.Web.Security.FormsIdentity} AuthenticationType: "Forms" IsAuthenticated: true Name: "admin"
@elwyn: Nothing I can do reproduces the behaviour that you seem to be seeing. You do not need the [Authorize] attribute for User and User.Identity to be valid. Do you have any other attributes on the Controller? Have you tried doing this in a new, clean MVC project, to make sure that nothing else in your app is interfering?
6

Request.IsAuthenticated should work for what you're trying to do.

1 Comment

If I do that on an Action decorated with [Authorize] it works fine, however if I do that on this Action (not decorated with [Authorize]) it is always false, regardless of whether I am logged in or not.
1

I suggest first figuring out what kind of Authorization you're using. ;)

The answer you posted is correct. From what I remember from poking around the [Authorize] attribute and related ActionFilter code, MVC internally calls Page.User.Identity.IsAuthenticated just like those code examples.

1 Comment

Double checked and it is Forms Authentication
1

Create an attribute like this. OnActionExecuting will get executed first, before other code from the action:

    using System.Web.Mvc;

    public class IsAuthenticatedAttribute : ActionFilterAttribute
    {
        // Runs before the body of the decorated action.
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Do your validations here, and redirect somewhere if needed.
            filterContext.HttpContext.Response.Redirect("/"); // this will send the user to home
        }
    }

On each action where you need to check, add the attribute like this:

[IsAuthenticatedAttribute]
public ActionResult ActionName(/* parameters */)
{
    // No need to worry about checking here.
    // Do your action things.
    return View();
}

EDIT: This one still completes the action and only then redirects. Not so useful.

Comments
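The two approaches discussed in this thread, written so that an unauthenticated request never reaches the protected code. This is an added example, not code from any of the answers; `RequireLoginAttribute`, `ReportsController` and the action names are hypothetical, and `HttpStatusCodeResult` assumes MVC 3 or later.

```csharp
using System.Web.Mvc;

// Hypothetical filter: assigns filterContext.Result instead of calling Response.Redirect.
public class RequireLoginAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            // A non-null Result short-circuits the pipeline: the action body is not invoked.
            // Under Forms Authentication the 401 is converted into a redirect to the login URL.
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }
}

// Hypothetical controller showing both styles.
public class ReportsController : Controller
{
    // Check performed inside the action, returning early on failure.
    public ActionResult Summary()
    {
        if (!User.Identity.IsAuthenticated)
        {
            return new HttpUnauthorizedResult();
        }
        if (!User.IsInRole("Administrators"))
        {
            // Logged in but not permitted: answer 403 rather than bouncing to the login page.
            return new HttpStatusCodeResult(403);
        }
        return View();
    }

    // Same check moved into the filter above.
    [RequireLogin]
    public ActionResult Details()
    {
        return View(); // only reached for authenticated requests
    }
}
```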

0

Put the [Authorize] annotation on each of your Actions. Microsoft link. Example:

public class AdministrationController : Controller
{
    // GET: User/Create
    [Authorize]
    public ActionResult Create()
    {
        return View();
    }
}

Comments
