I set the Forms Authentication using an authorize attribute that that checks a query string hash value:
FormsAuthentication.SetAuthCookie(qs["name"], false);
On the next request I check that the user is logged in:
filterContext.HttpContext.Request.IsAuthenticated
This returns false (seems strange so i have a look at the cookie)
filterContext.HttpContext.Request.Cookies[".ASPXAUTH"]
Returns:
{System.Web.HttpCookie}
Domain: null
Expires: {1/01/0001 12:00:00 a.m.}
HasKeys: false
HttpOnly: false
Name: ".ASPXAUTH"
Path: "/"
Secure: false
Shareable: false
Value: "9A3F32523C37286093E99907E8A71C405854EE409667A34AA8E06665D0912EEA5DAD69C605F45134A9BBA314BC8C4A5AEA46F9F623013A1FA2A98F3AEE834D69555C1849926C4A369B8E5E0A2E26CBB4ACBDBC8D0389BBD9A2C8F942ACFFBF20566BA2D7A1F80914D8B097866D06CC3059DB306C3E83C09800CCD4697D38AF5C"
Values: {9A3F32523C37286093E99907E8A71C405854EE409667A34AA8E06665D0912EEA5DAD69C605F45134A9BBA314BC8C4A5AEA46F9F623013A1FA2A98F3AEE834D69555C1849926C4A369B8E5E0A2E26CBB4ACBDBC8D0389BBD9A2C8F942ACFFBF20566BA2D7A1F80914D8B097866D06CC3059DB306C3E83C09800CCD4697D38AF5C}
So the cookie is there, lets decrypt it to see that its valid?
FormsAuthentication.Decrypt(filterContext.HttpContext.Request.Cookies[".ASPXAUTH"].Value)
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
Expiration: {25/06/2015 12:09:17 p.m.}
Expired: false
IsPersistent: false
IssueDate: {25/06/2015 11:39:17 a.m.}
Name: "john"
UserData: ""
Version: 2
So the cookie is all good, why does Request.IsAuthenticated return false???
Was missing from the web.config