There’s no difference. The only difference is that if the user is not authenticated User.Identity might be null and thus you might get a NRE, whereas with the second approach, internally there’s a check for this and is safer.
Here’s how the Request.IsAuthenticated method is implemented:
public bool IsAuthenticated
{
get
{
return this._context.User != null &&
this._context.User.Identity != null &&
this._context.User.Identity.IsAuthenticated;
}
}
Basically it’s a bit safer than the first one.