I created a brand new ASP.NET MVC 5 project to test the [Authorize] attribute with FormsAuthentication.SetAuthCookie. I simply set a cookie in one action (in my Home controller):
public ActionResult About()
{
FormsAuthentication.SetAuthCookie("someUser", false);
And I limit access to another:
[Authorize]
public ActionResult Contact()
{
When I launch my web page and navigate to /home/contact, I am correctly redirected to a login page. Then I go to /home/about, get my cookie, and go back to the contact page. But I'm still redirected to the login page -- the cookie does not authenticate/authorize me.
In the debugger, HttpContext.User.Identity.IsAuthenticated == false when I load the About page multiple times (that is to say, it never sees me as being authenticated even after setting an auth cookie).
Is there some extra step that must be done here? I shouldn't need to set my own IPrincipal for basic authentication, should I?
See Question&Answers more detail:os
