/// <summary>
/// MVC and private use only. Establishes <paramref name="user"/> as the authenticated user of the current request and queues the
/// cookie changes that go with it: either the impersonation cookie or a new forms-authentication ticket, plus the identity-provider
/// cookie.
/// </summary>
/// <param name="user">The user being logged in. Dereferenced without a null check on the non-impersonation path.</param>
/// <param name="identityProvider">The provider that authenticated the user, or null. Null causes the identity-provider cookie to be
/// cleared.</param>
public static void SetFormsAuthCookieAndUser(User user, IdentityProvider identityProvider = null) {
	if (!AppRequestState.Instance.ImpersonatorExists) {
		// Pick the re-authentication interval. Precedence: a timeout configured on a local identity provider, then the fixed
		// 12-minute interval for roles that require enhanced security, then the ordinary session duration.
		// NOTE(review): because the provider setting is checked first, a configured value above 12 minutes also applies to
		// enhanced-security roles. Confirm that this is intended.
		TimeSpan reauthInterval;
		if (identityProvider is LocalIdentityProvider localProvider && localProvider.AuthenticationTimeoutMinutes.HasValue) {
			reauthInterval = TimeSpan.FromMinutes(localProvider.AuthenticationTimeoutMinutes.Value);
		}
		else if (user.Role.RequiresEnhancedSecurity) {
			reauthInterval = TimeSpan.FromMinutes(12);
		}
		else {
			reauthInterval = SessionDuration;
		}

		// The ticket name is the user ID. The cast drops any fractional minutes, so an interval below one minute becomes 0.
		var ticketName = user.UserId.ToString();
		var timeoutInWholeMinutes = (int)reauthInterval.TotalMinutes;
		var authTicket = new FormsAuthenticationTicket(ticketName, false /*meaningless*/, timeoutInWholeMinutes);

		// The cookie is not written here; the write is registered as a non-transactional modification method.
		AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(authTicket));
	}
	else {
		// With an impersonator present, only the impersonation cookie changes; no forms-authentication ticket is issued.
		UserImpersonationStatics.SetCookie(user);
	}

	AppRequestState.Instance.SetUser(user);

	// Record the provider that was used, or clear the stored provider when none was supplied.
	if (identityProvider != null) {
		AppRequestState.AddNonTransactionalModificationMethod(() => SetUserLastIdentityProvider(identityProvider));
		return;
	}
	AppRequestState.AddNonTransactionalModificationMethod(() => CookieStatics.ClearCookie(identityProviderCookieName));
}
// Log-Out

/// <summary>
/// Logs out the current user and sets the request's user to null. Do not call if the system does not implement the forms
/// authentication capable user management provider.
/// </summary>
public static void LogOutUser() {
	var impersonatorPresent = AppRequestState.Instance.ImpersonatorExists;

	if (!impersonatorPresent) {
		// Clearing the forms-authentication cookie is registered as a non-transactional modification method, not done inline.
		AppRequestState.AddNonTransactionalModificationMethod(clearFormsAuthCookie);
	}
	else {
		// NOTE(review): on this path only the impersonation cookie is reset and the forms-authentication cookie is left alone.
		// Presumably that keeps the impersonator's own login alive; confirm.
		UserImpersonationStatics.SetCookie(null);
	}

	AppRequestState.Instance.SetUser(null);
}
/// <summary>
/// MVC and private use only. Establishes <paramref name="user"/> as the authenticated user of the current request and queues either
/// the impersonation cookie or a new forms-authentication ticket for that user.
/// </summary>
/// <param name="user">The user being logged in. Dereferenced without a null check on the non-impersonation path.</param>
public static void SetFormsAuthCookieAndUser(FormsAuthCapableUser user) {
	if (!AppRequestState.Instance.ImpersonatorExists) {
		// Pick the re-authentication interval. Precedence: a timeout configured on a strict provider, then the fixed 12-minute
		// interval for roles that require enhanced security, then the ordinary session duration.
		// NOTE(review): because the provider setting is checked first, a configured value above 12 minutes also applies to
		// enhanced-security roles. Confirm that this is intended.
		TimeSpan reauthInterval;
		if (SystemProvider is StrictFormsAuthUserManagementProvider strict && strict.AuthenticationTimeoutInMinutes.HasValue) {
			reauthInterval = TimeSpan.FromMinutes(strict.AuthenticationTimeoutInMinutes.Value);
		}
		else if (user.Role.RequiresEnhancedSecurity) {
			reauthInterval = TimeSpan.FromMinutes(12);
		}
		else {
			reauthInterval = SessionDuration;
		}

		// The ticket name is the user ID. The cast drops any fractional minutes, so an interval below one minute becomes 0.
		var ticketName = user.UserId.ToString();
		var timeoutInWholeMinutes = (int)reauthInterval.TotalMinutes;
		var authTicket = new FormsAuthenticationTicket(ticketName, false /*meaningless*/, timeoutInWholeMinutes);

		// The cookie is not written here; the write is registered as a non-transactional modification method.
		AppRequestState.AddNonTransactionalModificationMethod(() => setFormsAuthCookie(authTicket));
	}
	else {
		// With an impersonator present, only the impersonation cookie changes; no forms-authentication ticket is issued.
		UserImpersonationStatics.SetCookie(user);
	}

	AppRequestState.Instance.SetUser(user);
}