How should I check if a user is authenticated in MVC5?

Based On Darin Dimitrov's Answer, You can shorten the code and use in place:

if( User?.Identity != null && User.Identity.IsAuthenticated )
{ 
//Code Goes Here!
}

The IsAuthenticated property to determine whether the current request has been authenticated. If it has not been authenticated, the request is redirected to another page where users can enter their credentials into the Web application. This is a common technique used in the default page for an application.

but when it comes to User.Identity.IsAuthenticated

The User property provides programmatic access to the properties and methods of the IPrincipal interface. Because ASP.NET pages contain a default reference to the System.Web namespace (which contains the HttpContext class), you can reference the members of HttpContext on an .aspx page without using the fully qualified class reference to HttpContext. For example, you can use User.Identity.Name to get the name of the user on whose behalf the current process is running. However, if you want to use the members of IPrincipal from an ASP.NET code-behind module, you must include a reference to the System.Web namespace in the module and a fully qualified reference to both the currently active request/response context and the class in System.Web that you want to use. For example, in a code-behind page you must specify the fully qualified name


There's no difference. The only difference is that if the user is not authenticated User.Identity might be null and thus you might get a NRE, whereas with the second approach, internally there's a check for this and is safer.

Here's how the Request.IsAuthenticated method is implemented:

public bool IsAuthenticated
{
    get
    {
        return this._context.User != null && 
               this._context.User.Identity != null &&
               this._context.User.Identity.IsAuthenticated;
    }
}

Basically it's a bit safer than the first one.