/// <summary>
/// Signs in <paramref name="dbUser"/> for the current request: builds a
/// <c>UserPrincipal</c> from the database record, attaches it to the request,
/// stores it in application state under a freshly generated key, and issues a
/// Forms authentication cookie for it.
/// </summary>
/// <param name="dbUser">
/// The user record supplying the username, id and manager flag. It is dereferenced
/// without a null check, so callers must pass a non-null record.
/// </param>
/// <remarks>
/// NOTE(review): the principal is written to <c>HttpContext.Application</c>, and
/// nothing in this method removes it again. Confirm that sign-out or ticket expiry
/// evicts the entry; otherwise entries accumulate and a cached principal (including
/// its manager flag) can outlive the ticket that referenced it.
/// </remarks>
private void Authorize(User dbUser)
{
    // Principal built from the database record (username, id, manager flag).
    var principal = new UserPrincipal(dbUser.Username, dbUser.Id, dbUser.IsManager);

    // Fresh GUID used as the lookup key for the cached principal.
    var applicationKey = Guid.NewGuid().ToString();

    // Attach the principal to the current request and cache it under the key.
    var httpContext = ControllerContext.HttpContext;
    UserPrincipal.CurrentPrincipal = principal;
    httpContext.User = principal;
    httpContext.Application[applicationKey] = principal;

    // Issue the Forms authentication cookie; the key is passed to GetAuthCookie
    // so it travels with the cookie.
    Response.Cookies.Add(GetAuthCookie(principal, applicationKey));
}
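/// <summary>
/// Builds the Forms authentication cookie for <paramref name="userPrincipal"/>,
/// carrying <paramref name="principalApplicationKey"/> in the ticket's user data.
/// </summary>
/// <param name="userPrincipal">Principal whose identity name becomes the ticket's user name.</param>
/// <param name="principalApplicationKey">Key stored in the ticket's user data field.</param>
/// <returns>
/// The cookie issued by <c>FormsAuthentication.GetAuthCookie</c>, with its value
/// replaced by the encrypted custom ticket.
/// </returns>
/// <remarks>
/// The framework-issued cookie is reused rather than replaced by a new
/// <c>HttpCookie</c> built from name and value only. A newly constructed cookie would
/// not carry the HttpOnly, Secure, Path and Domain attributes that
/// <c>FormsAuthentication.GetAuthCookie</c> applies from the forms configuration.
/// </remarks>
private HttpCookie GetAuthCookie(UserPrincipal userPrincipal, string principalApplicationKey)
{
    // Let FormsAuthentication produce the baseline cookie so that issue/expiry
    // times and cookie attributes follow the configured forms settings.
    HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userPrincipal.Identity.Name, false);
    FormsAuthenticationTicket initialTicket = FormsAuthentication.Decrypt(authCookie.Value);

    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                                      // version
        userPrincipal.Identity.Name,            // username
        initialTicket.IssueDate,                // issue date
        initialTicket.Expiration,               // expiration
        false,                                  // persistent
        principalApplicationKey,                // user data
        FormsAuthentication.FormsCookiePath);   // cookie path

    // Swap in the custom ticket but keep the cookie object, so the attributes set
    // by FormsAuthentication (HttpOnly, Secure, Path, Domain) are not lost.
    authCookie.Value = FormsAuthentication.Encrypt(authTicket);
    return authCookie;
}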