FormsAuthentication in ASP.NET MVC 4 doesn't work

Question

My source:

web.Config

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  <connectionStrings>
    <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-LogInSystem-20140901072022.mdf;Initial Catalog=aspnet-LogInSystem-20140901072022;Integrated Security=True" providerName="System.Data.SqlClient" />
    <add name="MainDbContext" connectionString="metadata=res://*/MainDbModel.csdl|res://*/MainDbModel.ssdl|res://*/MainDbModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=(LocalDB)\v11.0;attachdbfilename=|DataDirectory|\MainDb.mdf;integrated security=True;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />

  </appSettings>
  <system.web>
    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <system.webServer>
    <modules>
      <remove name="FormsAuthenticationModule" />
    </modules>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v11.0" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
</configuration>

Login method:

[HttpPost]
public ActionResult LogIn(UserModel user)
{
     if (ModelState.IsValid)
     {
         if (IsValid(user.Email, user.Password))
         {
             System.Web.Security.FormsAuthentication.SetAuthCookie(user.Email, false);
             return RedirectToAction("Index", "Home");
         }
         else
         {
              ModelState.AddModelError("", "Login data is incorrect.");
         }
     }
     return View(user);
}

and code :

@if (Request.IsAuthenticated)
{
     <strong>@Html.Encode(User.Identity.Name)</strong>
     @Html.ActionLink("Log Out", "Logout", "User")
 }
 else
 {
     @Html.ActionLink("Register", "Register", "User")
     <span> | </span>
     @Html.ActionLink("Log in", "Login", "User")
 }

@Edit LogIn:

@using (Html.BeginForm())
{
    @Html.ValidationSummary(true, "Login failed. Check your login details")
    <div>
        <fieldset>
            <legend>Login form</legend>
            <div>@Html.LabelFor(u => u.Email)</div>
            <div>
            @Html.TextBoxFor(u=>u.Email)
            @Html.ValidationMessageFor(u=>u.Email)
            </div>

            <div>@Html.LabelFor(u => u.Password)</div>
            <div>
                @Html.PasswordFor(u => u.Password)
                @Html.ValidationMessageFor(u => u.Password)
            </div>

            <input type="submit" value="Log In"/>

        </fieldset>
    </div>
}

Then I click button logIn (it's not show in this code) then I go to: public ActionResult LogIn(UserModel user) method. Then I have vaild etc...
Next step: System.Web.Security.FormsAuthentication.SetAuthCookie(user.Email, false); but when the page refreshes I can't see my user.Email , but all time see Register | Log In Register | Log In , but must be, fe as2@email.com | Log Out as2@email.com | Log Out . It's similar to: Request.IsAuthenticated == false

How can I resolve it?

Answer 1

Replace

<authentication mode="None" />

with

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="60" />
</authentication>

(adjust the value of the timeout attribute to suit your needs)

Answer 2

You seem to removing the FormsAuthenticationModule in your web.config:

<system.webServer>
    <modules>
      <remove name="FormsAuthenticationModule" />
    </modules>
</system.webServer>

I'm not familiar enough with how it's all hooked up in MVC however if you don't have anything else to handle the authentication I would not be removing the FormsAuthenticationModule