// Log-Out
/// <summary>
/// Do not call if the system does not implement the forms authentication capable user management provider.
/// </summary>
public static void LogOutUser()
{
if (AppRequestState.Instance.ImpersonatorExists)
{
UserImpersonationStatics.SetCookie(null);
}
else
{
clearFormsAuthCookie();
}
AppRequestState.Instance.SetUser(null);
}
private static void setFormsAuthCookieAndUser(FormsAuthCapableUser user)
{
if (AppRequestState.Instance.ImpersonatorExists)
{
UserImpersonationStatics.SetCookie(user);
}
else
{
var strictProvider = SystemProvider as StrictFormsAuthUserManagementProvider;
// If the user's role requires enhanced security, require re-authentication every 12 minutes. Otherwise, make it the same as a session timeout.
var authenticationDuration = strictProvider != null && strictProvider.AuthenticationTimeoutInMinutes.HasValue
? TimeSpan.FromMinutes(strictProvider.AuthenticationTimeoutInMinutes.Value)
: user.Role.RequiresEnhancedSecurity ? TimeSpan.FromMinutes(12) : SessionDuration;
var ticket = new FormsAuthenticationTicket(user.UserId.ToString(), false /*meaningless*/, (int)authenticationDuration.TotalMinutes);
setFormsAuthCookie(ticket);
}
AppRequestState.Instance.SetUser(user);
}
