Пример #1
0
        /// <summary>
        /// MVC and private use only.
        /// </summary>
        public static void SetFormsAuthCookieAndUser(User user, IdentityProvider identityProvider = null)
        {
            if (AppRequestState.Instance.ImpersonatorExists)
            {
                UserImpersonationStatics.SetCookie(user);
            }
            else
            {
                // If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout.
                var authenticationDuration = identityProvider is LocalIdentityProvider local && local.AuthenticationTimeoutMinutes.HasValue
                                                                     ?
                                             TimeSpan.FromMinutes(local.AuthenticationTimeoutMinutes.Value)
                                                                     : user.Role.RequiresEnhancedSecurity
                                                                             ? TimeSpan.FromMinutes(12)
                                                                             : SessionDuration;

                var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
                AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(ticket));
            }
            AppRequestState.Instance.SetUser(user);

            if (identityProvider != null)
            {
                AppRequestState.AddNonTransactionalModificationMethod(() => SetUserLastIdentityProvider(identityProvider));
            }
            else
            {
                AppRequestState.AddNonTransactionalModificationMethod(() => CookieStatics.ClearCookie(identityProviderCookieName));
            }
        }
        // Log-Out

        /// <summary>
        /// Do not call if the system does not implement the forms authentication capable user management provider.
        /// </summary>
        public static void LogOutUser()
        {
            if (AppRequestState.Instance.ImpersonatorExists)
            {
                UserImpersonationStatics.SetCookie(null);
            }
            else
            {
                AppRequestState.AddNonTransactionalModificationMethod(clearFormsAuthCookie);
            }
            AppRequestState.Instance.SetUser(null);
        }
        /// <summary>
        /// MVC and private use only.
        /// </summary>
        public static void SetFormsAuthCookieAndUser(FormsAuthCapableUser user)
        {
            if (AppRequestState.Instance.ImpersonatorExists)
            {
                UserImpersonationStatics.SetCookie(user);
            }
            else
            {
                var strictProvider = SystemProvider as StrictFormsAuthUserManagementProvider;

                // If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout.
                var authenticationDuration = (strictProvider?.AuthenticationTimeoutInMinutes).HasValue
                                                                     ? TimeSpan.FromMinutes(strictProvider.AuthenticationTimeoutInMinutes.Value)
                                                                     : user.Role.RequiresEnhancedSecurity ? TimeSpan.FromMinutes(12) : SessionDuration;

                var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
                AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(ticket));
            }
            AppRequestState.Instance.SetUser(user);
        }