How Do I Detect If the Current User is Logged In?

This snippets demonstrates how to check whether a user is logged in or not. The code also shows how you can extract the UserData from the Ticket that is retrieved from the User Identity.
if (HttpContext.Current.User.Identity.Name != null)
{
  if(HttpContext.Current.User.Identity.Name.Length != 0)
  {
    FormsIdentity id = (FormsIdentity) User.Identity;
    FormsAuthenticationTicket ticket = id.Ticket;
    string MyUserData = ticket.UserData;
  }
}

Where to Next?

Wonder where to go next? You can read existing comments below or you can post a comment yourself on this article .


Consider making a donation
Please consider making a donation using PayPal. Your donation helps me to pay the bills so I can keep running Imar.Spaanjaars.Com, providing fresh content as often as possible.



Feedback by Other Visitors of Imar.Spaanjaars.Com

On Monday, May 08, 2006 1:07:13 PM Kalpna said:
This seems ok but the problem is user is not logged out even though he signs out so what should I write at log out button click event?
Here is the issue,
We have windows authentication and eventhough I write session.abandon or formsauthentication.signout() when I again type that path in same windows it shows me all the information which it should not.
Pl help.Thanks.
On Monday, May 08, 2006 4:48:00 PM Imar Spaanjaars said:
Hi Kalpna ,

When you're using Windows Authentication, the user is always authenticated.

Using FormsAuthentication.Signout is only useful when you're using FormsAuthentication, not Windows authentication.

Take a look here for more info:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGExplained0001.asp

Hope this helps,

Imar
On Monday, May 08, 2006 5:40:29 PM Kalpna said:
Thanks.Let me try.
Kalpna
On Monday, May 08, 2006 6:12:26 PM Kalpna said:
Imar,
I am not able to Log Out.
Eventhough I logout it shows data.How can I flush cookies /or cache
Pl Reply.
Kalpna
On Monday, May 08, 2006 7:12:24 PM Imar Spaanjaars said:
Hi Kalpna,

That's exactly my point. Because you're using Windows Authentication you are always logged in. Even if you could log out, you'll be authenticated on the next request again, because you're using integrated security. On each request, you're authenticated automatically.

What are you trying to accomplish? There may be other ways to do what you want...

Imar
On Monday, May 08, 2006 7:40:57 PM Kalpna said:
Thanks for asking.
Actually,We have active directory for storing login information which is tied to share point portal using IIS(windows authentication).Now I have to link asp.net 2.0 web application from share point portal so users who is using portal rightnow should not be asked to login again.And I am testing the application and the problem is it asks as it should once to enter the portal but then even though I click on log out ,it is not askign me again to login.
Thanks,
Kalpna
On Monday, May 08, 2006 7:52:18 PM Imar Spaanjaars said:
Well, like I said: there is no point in logging out by clicking a button and calling Session.Abandon or FormsAuthentication.Signout. The browser keeps a cache of the user name and password (when using basic authentication) and resubmits them with every request. Closing the browser window forces a new login though.

Also, take a look here: http://www.codecomments.com/archive319-2005-12-726458.html

Dominick Baier suggest to set the response status to 401 (Unauthorized) or to use JavaScript that works on IE only.

When you say "I click on log out", what code is in the click event? Are you still calling FormsAuthentication.Signout? That's pointless, in an integrated security scenario.

Cheers,

Imar
On Monday, May 08, 2006 8:14:33 PM kalpna said:
I dont have any login page so already user is authenticated once he is in the portal.So where should I write this and what exactly should I write in C#.net for Response.Statuscode(401) and how and where can I write
document.execCommand(ClearAuthenticationCache, false)
.
On Monday, May 08, 2006 8:59:55 PM Imar Spaanjaars said:
You could Google a bit for these terms to bring up some useful information.

Otherwise, I suggest you post your question on a forum like http://p2p.wrox.com/

This topic is getting a bit too broad to discuss as responses to this article. If you send me the link to your post, I'll try to take a look...

Imar
On Tuesday, December 12, 2006 10:52:33 AM ganesh vempaty said:
hi all,

i have query tht how could i detect my username and paasword for portal when i login.i want to display the  person username and password who logins into my portal.how could i do it .help me urgent

with regards and thanks
ganeshv
On Tuesday, December 12, 2006 5:11:40 PM Imar Spaanjaars said:
Hi ganesh,

Of course it's urgent. It's always urgent. However, saying it's urgent to me doesn't really speed things up.

What does speed up things is asking proper questions with lots of detail. Wth your current question, I have no idea what you're asking so I can't help.

Can you provide more details?

Imar
On Sunday, February 11, 2007 3:18:45 AM Radhakrishna said:
Hello Imar

Nice site! Thanks for your concern and help.

I got stuck up with ASP.NET (.aspx) code where i wish i can log the logged-in users (who ever hit my page) with the username taken from the system (if it is internet) or domain (if its intranet) and the IP address and the log-in time with timestamp (say ...11th February 2007).

In brief, i need .aspx code which displays -

1. Username ( System or Domain ),
2. Logged-in Timestamp and
3. User IP Address

Will you be able to help me in this regards.

Thanks and Best regards,
Radhakrishna
On Sunday, February 11, 2007 10:00:06 AM Imar Spaanjaars said:
Hi Radhakrishna,

Search Google for

asp.net request.servervariables

You'll find some useful information about retrieving this information.

Cheers,

Imar
On Monday, April 09, 2007 8:46:14 AM vinay wadekar said:
Thanks for your suggestions for "there is no point in logging out by clicking a button and calling Session.Abandon or FormsAuthentication.Signout. The browser keeps a cache of the user name and password (when using basic authentication) and resubmits them with every request. Closing the browser window forces a new login though".

For removing cache of the user name and password, I have write the single line code after FormsAuthentication.Signout and before Redirect to Login page "Context.Response.Cookies[FormsAuthentication.FormsCookieName].Expires = DateTime.Now;". It works fine.
On Monday, April 09, 2007 8:55:47 AM Imar Spaanjaars said:
Hi vinay,

Then you're probably not using Integrated / Windows Authentication as Kalpna  was, but FormsAuthentication instead....

Imar
On Thursday, July 28, 2011 12:36:52 AM suresh said:
hi

i need user authentication ob button click event.i use visual studio 2008 and i fetch data from database.method user.identity.isauthenticated not working.plz help ma.........
On Thursday, July 28, 2011 4:11:35 AM Imar Spaanjaars said:
Hi suresh,

Hard to say without seeing your code. Can you post this on a forum such as http://p2p.wrox.com?

Cheers,

Imar

Talk Back! Comment on Imar.Spaanjaars.Com

I am interested in what you have to say about this article. Feel free to post any comments, remarks or questions you may have about this article. The Talk Back feature is not meant for technical questions that are not directly related to this article. So, a post like "Hey, can you tell me how I can upload files to a MySQL database in PHP?" is likely to be removed. Also spam and unrealistic job offers will be deleted immediately.

When you post a comment, you have to provide your name and the comment. Your e-mail address is optional and you only need to provide it if you want me to contact you. It will not be displayed along with your comment. I got sick and tired of the comment spam I was receiving, so I have protected this page with a simple calculation exercise. This means that if you want to leave a comment, you'll need to complete the calculation before you hit the Post Comment button.

If you want to object to a comment made by another visitor, be sure to contact me and I'll look into it ASAP. Don't forget to mention the page link, or the QuickDocId of the document.

For more information about the Talk Back feature, check out this news item.