private async Task <bool> AuthenticateUser(string sessionKey) { var userSessionData = _userSessionManager.GetUserSessionDataForKey(sessionKey); if (userSessionData == null) { return(false); } var persona = await _dbContext.Personas.SingleOrDefaultAsync(x => x.Id == userSessionData.PersonaId); if (persona == null) { return(false); } var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, Convert.ToString(persona.Id)), new Claim(ClaimTypes.Name, persona.Username), }; var claimsIdentity = new ClaimsIdentity( claims, CookieAuthenticationDefaults.AuthenticationScheme); var authProperties = new AuthenticationProperties { //AllowRefresh = <bool>, // Refreshing the authentication session should be allowed. //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10), // The time at which the authentication ticket expires. A // value set here overrides the ExpireTimeSpan option of // CookieAuthenticationOptions set with AddCookie. //IsPersistent = true, // Whether the authentication session is persisted across // multiple requests. When used with cookies, controls // whether the cookie's lifetime is absolute (matching the // lifetime of the authentication ticket) or session-based. //IssuedUtc = <DateTimeOffset>, // The time at which the authentication ticket was issued. //RedirectUri = <string> // The full path or absolute URI to be used as an http // redirect response value. }; await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties); return(true); }