/// <summary>
/// MVC and private use only.
/// </summary>
public static void SetFormsAuthCookieAndUser(User user, IdentityProvider identityProvider = null)
{
if (AppRequestState.Instance.ImpersonatorExists)
{
UserImpersonationStatics.SetCookie(user);
}
else
{
// If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout.
var authenticationDuration = identityProvider is LocalIdentityProvider local && local.AuthenticationTimeoutMinutes.HasValue
?
TimeSpan.FromMinutes(local.AuthenticationTimeoutMinutes.Value)
: user.Role.RequiresEnhancedSecurity
? TimeSpan.FromMinutes(12)
: SessionDuration;
var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(ticket));
}
AppRequestState.Instance.SetUser(user);
if (identityProvider != null)
{
AppRequestState.AddNonTransactionalModificationMethod(() => SetUserLastIdentityProvider(identityProvider));
}
else
{
AppRequestState.AddNonTransactionalModificationMethod(() => CookieStatics.ClearCookie(identityProviderCookieName));
}
}
// Log-Out
/// <summary>
/// Do not call if the system does not implement the forms authentication capable user management provider.
/// </summary>
public static void LogOutUser()
{
if (AppRequestState.Instance.ImpersonatorExists)
{
UserImpersonationStatics.SetCookie(null);
}
else
{
AppRequestState.AddNonTransactionalModificationMethod(clearFormsAuthCookie);
}
AppRequestState.Instance.SetUser(null);
}
/// <summary>
/// MVC and private use only.
/// </summary>
public static void SetFormsAuthCookieAndUser(FormsAuthCapableUser user)
{
if (AppRequestState.Instance.ImpersonatorExists)
{
UserImpersonationStatics.SetCookie(user);
}
else
{
var strictProvider = SystemProvider as StrictFormsAuthUserManagementProvider;
// If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout.
var authenticationDuration = (strictProvider?.AuthenticationTimeoutInMinutes).HasValue
? TimeSpan.FromMinutes(strictProvider.AuthenticationTimeoutInMinutes.Value)
: user.Role.RequiresEnhancedSecurity ? TimeSpan.FromMinutes(12) : SessionDuration;
var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(ticket));
}
AppRequestState.Instance.SetUser(user);
}