Web.config:

<system.web>
   <authentication mode="Forms">
     <forms loginUrl="~/Account/LogOn" timeout="1" />
   </authentication>
   <sessionState mode="InProc" cookieless="false" timeout="1"></sessionState>
</system.web>

For registration:

FormsAuthentication.SetAuthCookie(model.UserName, false);

In my LogOn method I am also setting an Auth Cookie:

FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

Remember Me is always false.

In my Navbar, I have a conditional which checks If the request is Authenticated, and if it is not then the logon button shows.

@if(Request.IsAuthenticated)
{....}
else 
{
<ul class="nav nav-pills">
    <li role="presentation">@Html.ActionLink("Home", "Index", "Home", null, new { title = "Return to the homepage" })</li>
    <li role="presentation">@Html.ActionLink("Log On", "LogOn", "Account", null, new { title = "To Logon to the site." })</li>
</ul>
}

After one minute I'm pretty sure the user is logged out, because the Nav shows the logon button, not the log-off button, but when I click on a link, it takes me to that page instead of redirecting to the logon page.

Could this be because I haven't added the [Authorize] attribute to my controller methods? I am a beginner with .NET MVC development so any help at all is greatly appreciated.

Related posts

Recent Viewed