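/// <summary>
/// Resolves the principal for the current request from the forms-authentication cookie.
/// </summary>
/// <remarks>
/// The cookie value is supplied by the client and is therefore untrusted. Any failure to
/// obtain a valid, unexpired ticket resolves to <c>ApplicationPrincipal.Anonymous</c>
/// instead of surfacing an exception to the request pipeline.
/// </remarks>
/// <returns>
/// The principal converted from the user's <c>PrincipalSession</c>, or
/// <c>ApplicationPrincipal.Anonymous</c> when there is no usable cookie, the ticket is
/// invalid or expired, or no matching user with a password credential is found.
/// </returns>
private IPrincipal GetPrincipal()
{
    IPrincipal anonymous = ApplicationPrincipal.Anonymous;

    var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        // Decrypt rejects a null or empty ticket string, so stop before calling it.
        return anonymous;
    }

    string login;
    try
    {
        var authTicket = FormsAuthentication.Decrypt(authCookie.Value);

        // A ticket that could not be produced is handled like an expired one.
        if (authTicket == null || authTicket.Expired)
        {
            return anonymous;
        }

        login = authTicket.Name;
    }
    catch (ArgumentException)
    {
        // Malformed or tampered cookie value: fail closed.
        // NOTE(review): no logger is visible in this block; recording these rejections
        // would make cookie tampering observable.
        return anonymous;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // NOTE(review): some framework versions may report validation failures with
        // other exception types - confirm against the targeted runtime.
        return anonymous;
    }

    var cache = ServiceLocator.Current.GetInstance<ObjectCache>();

    // TODO: the login is the cache key, so changing a login must not be allowed (or must
    // evict the old entry); otherwise a stale session stays reachable under the old name.
    var session = cache.Get(login) as PrincipalSession;
    if (session == null)
    {
        var manager = ServiceLocator.Current.GetInstance<IUserManager>();
        var user = manager.FindByLogin(login);
        if (user == null || user.UserPasswordCredential == null)
        {
            return anonymous;
        }

        session = user.Convert();

        // NOTE(review): with a 60 second sliding expiration the entry is kept for as long
        // as requests keep arriving, so removal of the user or of its password credential
        // is not seen until the session has been idle for 60 seconds. Consider an absolute
        // expiration, or evicting the entry when the user changes.
        cache.Add(
            login,
            session,
            new CacheItemPolicy { SlidingExpiration = new TimeSpan(0, 0, 60) });
    }

    return session.Convert();
}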