/// <summary>
        /// Save encrypted cookie by authentication ticket
        /// </summary>
        /// <param name="user"></param>
        /// <param name="isPersistentCookie"></param>
        public void SignIn(User user, bool isPersistentCookie)
        {
            var localTime = DateTime.UtcNow.ToLocalTime();
            var ticket = new FormsAuthenticationTicket(
                1, // version
                user.GetUserNameOrEmail(), // cookie's name
                localTime,
                localTime.Add(this.expiration),
                isPersistentCookie,
                user.GetUserNameOrEmail(), // cookie's content
                FormsAuthentication.FormsCookiePath);

            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); // create encrypted cookie
            cookie.HttpOnly = true;
            if (ticket.IsPersistent) // the cookie's expiration will not later than form authentication timeout even if the ticket is persistent
            {
                cookie.Expires = ticket.Expiration; // in actual, the cookie's expires will be set as form authentication timeout default. Reference: http://stackoverflow.com/questions/10345817/what-is-the-purpose-of-formsauthenticationticket-ispersistent-property
            }
            cookie.Secure = FormsAuthentication.RequireSSL;
            cookie.Path = FormsAuthentication.FormsCookiePath;
            if (FormsAuthentication.CookieDomain != null)
                cookie.Domain = FormsAuthentication.CookieDomain;
            httpContext.Response.Cookies.Add(cookie);
            targetUser = user;
        }
 public void Entity_Changes_Trigger()
 {
     User user = new User();
     manager.Resolve<IObserverService>().GetSubscriptionCenter<EntityEvent<User>>().Subscribe(onNext =>
     {
         onNext.Handle(user.Mark(EntityStatus.Update));
     });
 }
        public User GetAuthenticatedUser()
        {
            if (null != targetUser)
                return targetUser;
            if (!httpContext.HasRequest() ||                        // httpContext is not existed
                !httpContext.Request.IsAuthenticated ||             // request is not authenticated
                !(httpContext.User.Identity is FormsIdentity))      // identity is not forms identity (user other authentication mechanism)
                return null;

            var identity = httpContext.User.Identity as FormsIdentity;
            var user = GetAuthenticatedUserFromTicket(identity.Ticket);

            if (user.IsValid() && user.HasRegisteredRole())
                targetUser = user;
            return targetUser;
        }
 public void SignOut()
 {
     targetUser = null; // dispose user
     FormsAuthentication.SignOut();
 }