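/// <summary>
/// End-of-request handler that writes the security cookies for the current response:
/// the impersonation cookie (when impersonation is enabled), the authentication-ticket
/// cookie, and either the remember-me cookie (signed-in user) or the session-id cookie
/// (anonymous user).
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused event data.</param>
private void OnEndRequest( object sender, EventArgs e )
{
    var app = (HttpApplication)sender;
    if (!CheckRequireAuthentication(app.Context))
        return;

    HttpResponse response = app.Context.Response;

    if (ImpersonationEnabled)
    {
        HttpCookie cookie = GetSecureResponseCookie(response, ImpersonationKey);
        if (SecurityContextManager.IsImpersonating)
        {
            cookie.Expires = DateTime.Now.AddMinutes(15);
            // NOTE(review): the value is the plain identity name. If any request-side code
            // reads this cookie back to decide who is being impersonated, it must be checked
            // against server-held state rather than trusted as sent - confirm.
            cookie.Value = SecurityContextManager.CurrentUser.Identity.Name;
        }
        else
        {
            cookie.Expires = DateTime.Now.AddDays(-1);
            // Removing the cookie from the response collection means no Set-Cookie header is
            // written for it, so the past expiry set above never reaches the browser; a client
            // that already holds the cookie keeps it until its own 15-minute expiry.
            // NOTE(review): confirm this is intended and that a stale cookie is not honoured.
            response.Cookies.Remove(ImpersonationKey);
        }
    }

    // Fetched before the anonymity check, so an auth-ticket cookie is present on the
    // response for anonymous users too (with no value or expiry assigned here).
    HttpCookie authCookie = GetSecureResponseCookie(response, AuthenticationTicketTokenKey);

    if (!SecurityContextManager.IsAnonymous)
    {
        var session = SecurityContextManager.CurrentUser.Identity.Ticket.UserSession;
        authCookie.Expires = session.ExpirationDate;
        authCookie.Value = session.RenewalToken.ToString();

        HttpCookie rememberCookie = GetSecureResponseCookie(response, RememberMeKey);
        rememberCookie.Expires = authCookie.Expires;
        // True when more than 21 minutes remain before the session expires.
        // NOTE(review): the comparison assumes ExpirationDate is expressed in UTC - confirm.
        bool remember = ((authCookie.Expires - DateTime.UtcNow).TotalMinutes > 21);
        rememberCookie.Value = remember.ToString();
    }
    else
    {
        HttpCookie anonCookie = GetSecureResponseCookie(response, SessionIdKey);
        anonCookie.Expires = DateTime.UtcNow.AddDays(3);
        // This renewal token is a session token when anonymous.
        anonCookie.Value = SecurityContextManager.CurrentUser.Identity.Ticket.UserSession.RenewalToken.ToString();
    }
}

/// <summary>
/// Returns the named cookie from the response, adding it if it is missing, and always
/// marks it <c>Secure</c>.
/// </summary>
/// <remarks>
/// The indexer on <c>HttpResponse.Cookies</c> creates the cookie when it does not exist
/// instead of returning null, so a <c>Secure = true</c> initializer placed only in a
/// "cookie == null" branch is never applied. Setting the flag after the lookup guarantees
/// it regardless of how the cookie came into the collection.
/// NOTE(review): HttpOnly is not set here. Cookies that carry tokens would normally be
/// HttpOnly unless client script has to read them - confirm and enable where possible.
/// </remarks>
/// <param name="response">The response whose cookie collection is used.</param>
/// <param name="name">The cookie name.</param>
/// <returns>The existing or newly added cookie, with <c>Secure</c> set.</returns>
private static HttpCookie GetSecureResponseCookie( HttpResponse response, string name )
{
    HttpCookie cookie = response.Cookies[name];
    if (cookie == null)
    {
        // Defensive only: kept in case the collection ever does return null.
        cookie = new HttpCookie(name);
        response.Cookies.Add(cookie);
    }
    cookie.Secure = true;
    return cookie;
}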