why after validation is false HttpContext.Current.Request.IsAuthenticated

Question

I've created a login on my website using forms authentication, I do not understand why after creating the ticket and adding it to the cookies

if I check for HttpContext.Current.Request.IsAuthenticated

i get false. Only on the successive request the user become authenticated

this is my code

var fat = new FormsAuthenticationTicket(
    1,
    username,
    DateTime.Now,
    DateTime.Now.AddMinutes(20),
    rememberMe,
    contact.Id + "," + contact.Role.Id,
    FormsAuthentication.FormsCookiePath);
HttpContext.Current.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat)));

at this point if I check for HttpContext.Current.Request.IsAuthenticated i get false, i thought a this point the user is authenticated...

this is my config

<authentication mode="Forms">
    <forms loginUrl="/Admin/Login.aspx" name="FormAuthentication" />
</authentication>
<authorization>
    <deny users="?"/>
</authorization>

thanks.

Answer 1

Because that's how it works. This property tries to read cookies from the request but there isn't any because when the request was sent the client wans't yet authenticated. The cookie is set and on successive client requests send to the server.

After successfully authenticating an user you could redirect to the authenticated part of the site using Response.Redirect. Another possibility is to use directly the RedirectFromLoginPage method which performs two things: it emits the cookie and redirects to the page specified in the <forms> tag.