public HttpCookie Login(string username, string password) { User userData = _userDao.Read(username); if (userData == null || !AreCredentialsCorrect(username, password)) { throw new LoginException("Invalid credentials"); } string data = new JavaScriptSerializer().Serialize(userData); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddYears(1), false, data); string cookieData = _formsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(_formsAuthentication.FormsCookieName(), cookieData) { HttpOnly = true, Expires = ticket.Expiration, Name = AuthenticationFilterAttribute.CookieName }; return(cookie); }