GorillaMann
Member
117 Points
332 Posts
User.Identity.IsAuthenticated = true when Membership db is empty
Nov 24, 2012 04:47 PM
I deleted all the stuff from these tables but didn't log out.
select * from AspMembership.dbo.aspnet_Membership
select * from AspMembership.dbo.aspnet_Profile
select * from AspMembership.dbo.aspnet_Users
I refreshed the page so how come my (User.Identity.IsAuthenticated) still returns true?
Thanks!
BrockAllen
All-Star
27554 Points
4912 Posts
MVP
Re: User.Identity.IsAuthenticated = true when Membership db is empty
Nov 24, 2012 06:19 PM
Because the user is authenticated due to the token they're presenting on the web request. The token is a cookie and the cookie contains the username. They will be authenticated until that cookie expires or is destroyed. It has nothing to do with the database.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
GorillaMann
Re: User.Identity.IsAuthenticated = true when Membership db is empty
Nov 26, 2012 03:06 PM
Does that mean that anyone can create a fake authenticated cookie?
BrockAllen
Re: User.Identity.IsAuthenticated = true when Membership db is empty
Nov 26, 2012 03:17 PM
No, the cookie contains a token that is signed with a key that only the server has.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
GorillaMann
Re: User.Identity.IsAuthenticated = true when Membership db is empty
Nov 26, 2012 03:29 PM
So how does the app know it's valid? What is the result?
BrockAllen
Re: User.Identity.IsAuthenticated = true when Membership db is empty
Nov 26, 2012 03:34 PM
This is all part of forms auth in ASP.NET. I suggest you read up:
http://msdn.microsoft.com/en-us/library/ff647070.aspx
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
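The behaviour discussed in this thread, as an added example (not part of any post above and not ASP.NET's own code): a simplified C# model of a signed ticket in which validation checks only the MAC and the expiry, so a cookie issued before the user rows were deleted is still accepted, while an edited username is rejected. The field layout, HMAC-SHA256, the key and all names are assumptions for illustration, and usernames are assumed not to contain `|`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a signed auth ticket; hypothetical names, not ASP.NET's ticket format.
static class TicketDemo
{
    // Server-only secret (constructed value; the "key that only the server has").
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Comparison that does not stop at the first differing character.
    static bool SameText(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // Cookie value = username | expiry in UTC ticks | MAC over the first two fields.
    static string Issue(string user, DateTime expiresUtc)
    {
        string payload = user + "|" + expiresUtc.Ticks;
        return payload + "|" + Sign(payload);
    }
    // Returns the username when MAC and expiry check out, else null. Reads no user table.
    static string Validate(string cookie, DateTime nowUtc)
    {
        string[] p = cookie.Split('|');
        if (p.Length != 3 || !SameText(Sign(p[0] + "|" + p[1]), p[2])) return null;
        long ticks;
        if (!long.TryParse(p[1], out ticks) || ticks <= nowUtc.Ticks) return null;
        return p[0];
    }
    static void Main()
    {
        var users = new HashSet<string> { "alice" };   // stand-in for the membership tables
        DateTime now = DateTime.UtcNow;
        string cookie = Issue("alice", now.AddMinutes(30));
        users.Clear();                                  // rows deleted while the browser keeps the cookie
        Console.WriteLine("untouched cookie: " + (Validate(cookie, now) ?? "rejected"));
        Console.WriteLine("edited username:  " + (Validate("admin" + cookie.Substring(5), now) ?? "rejected"));
        Console.WriteLine("after expiry:     " + (Validate(cookie, now.AddHours(1)) ?? "rejected"));
        // Extra per-request lookup against the user store, which the application adds itself.
        Console.WriteLine("with user lookup: " + (users.Contains(Validate(cookie, now) ?? "") ? "accepted" : "rejected"));
    }
}
```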