/// <summary>
/// Builds a fresh forms-authentication ticket for <paramref name="user"/>, renews the
/// cookie with it, and returns a principal carrying the user's current role names.
/// </summary>
/// <remarks>
/// This method renews the authentication cookie as a side effect, so it must only be
/// called once the caller has successfully authenticated the user.
/// </remarks>
/// <param name="user">The user to build the principal for; checked with <c>Verify</c> to be non-null and already persisted.</param>
/// <param name="stayLoggedIn">Whether the new ticket is persistent. Ignored when <paramref name="currentTicket"/> is supplied.</param>
/// <param name="currentTicket">An existing ticket whose issue date and persistence flag are carried over, or <c>null</c> to start from now.</param>
/// <returns>A <see cref="GenericPrincipal"/> wrapping a <see cref="FormsIdentity"/> for the new ticket.</returns>
public IPrincipal GetUpdatedPrincipalFor(IUser user, bool stayLoggedIn = false, FormsAuthenticationTicket currentTicket = null)
{
    Verify.NotNull(user, "user");
    Verify.False(user.IsNew, "user.IsNew"); // User must be saved to the DB first.

    // An existing ticket wins over the arguments: its issue date and persistence flag
    // are reused, so the caller-supplied stayLoggedIn only applies to a first issue.
    // NOTE(review): whether reusing the issue date keeps the original expiry depends on
    // how NewTicketFrom combines issueDate with ExpirationTime; confirm.
    var hasExistingTicket = currentTicket.IsNotNull();
    var issuedAt = hasExistingTicket ? currentTicket.IssueDate : DateTime.Now;
    var persistent = hasExistingTicket ? currentTicket.IsPersistent : stayLoggedIn;

    // NOTE(review): the serialized user becomes the ticket's user data; confirm that
    // SerializeUser emits only fields that are acceptable to store in the ticket.
    var serializedUser = SerializeUser(user);
    var refreshedTicket = NewTicketFrom(user.UserName, issuedAt, ExpirationTime, persistent, serializedUser);

    // Because of this, this method must be called after successful authentication.
    RenewCookieWith(refreshedTicket);

    IIdentity ticketIdentity = new FormsIdentity(refreshedTicket);

    // Role names are read from the user object at call time, not from the old ticket.
    var roles = (from role in user.Roles select role.Name).ToArray();

    // TODO: HAS 03/03/2013 Create a custom Principal type to hold custom data
    return new GenericPrincipal(ticketIdentity, roles);
}