// Log-Out /// <summary> /// Do not call if the system does not implement the forms authentication capable user management provider. /// </summary> public static void LogOutUser() { if (AppRequestState.Instance.ImpersonatorExists) { UserImpersonationStatics.SetCookie(null); } else { clearFormsAuthCookie(); } AppRequestState.Instance.SetUser(null); }
private static void setFormsAuthCookieAndUser(FormsAuthCapableUser user) { if (AppRequestState.Instance.ImpersonatorExists) { UserImpersonationStatics.SetCookie(user); } else { var strictProvider = SystemProvider as StrictFormsAuthUserManagementProvider; // If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout. var authenticationDuration = strictProvider != null && strictProvider.AuthenticationTimeoutInMinutes.HasValue ? TimeSpan.FromMinutes(strictProvider.AuthenticationTimeoutInMinutes.Value) : user.Role.RequiresEnhancedSecurity ? TimeSpan.FromMinutes(12) : SessionDuration; var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes); setFormsAuthCookie(ticket); } AppRequestState.Instance.SetUser(user); }