public HttpCookie Login(string username, string password)
{
User userData = _userDao.Read(username);
if (userData == null || !AreCredentialsCorrect(username, password))
{
throw new LoginException("Invalid credentials");
}
string data = new JavaScriptSerializer().Serialize(userData);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddYears(1), false, data);
string cookieData = _formsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(_formsAuthentication.FormsCookieName(), cookieData)
{
HttpOnly = true,
Expires = ticket.Expiration,
Name = AuthenticationFilterAttribute.CookieName
};
return(cookie);
}