Request.IsAuthenticated is Always True After Call FormsAuthentication.Signout()
5.00/5 (4 votes)
This trick describes how to fix issue.
Introduction
When you work with Forms Authentication, the expected behaviour when you call FormsAuthentication.Signout() is that Http.Current.Request.IsAuthenticated will return false.
You are wrong.
Using the Code
FormsAuthentication.SignOut();
When you check this:
bool isAuthenticated = Request.IsAuthenticated;
the result is always true.
It's not what we expect when signout is performed.
Fix the Issue
To fix it after signout process, you need to assign new user like below:
FormsAuthentication.SignOut();
HttpContext.Current.User =
new GenericPrincipal(new GenericIdentity(string.Empty), null);
The new GenericPrincipal with GenericIdentity is assigned to user in current context. New identity with empty name and null as authentication type.
Then it works!