public CookieIdentity GetCurrentUser() { var name = HttpContext.Current.User.Identity.Name; var authCookie = _cookieManager.Get(CoreConstants.Authentication.IdentityCookieName); if (name.IsNullOrEmpty() || authCookie.IsNullOrEmpty()) { return(SignInGuest()); } var authIdentity = CookieIdentity.Decode(authCookie); //make sure the identity cookie has not been hacked if (authIdentity.Email.ToLowerInvariant().Trim() == name.ToLowerInvariant().Trim()) { return(authIdentity); } return(SignInGuest()); }