@Kayli
Created March 27, 2013 00:53
very simple membership
public class MvcApplication : HttpApplication
{
...
/// <summary>
/// Re-attaches role information to the current user on every request.
/// Reads the forms-authentication cookie, decrypts its ticket, and, when a user
/// is already set on the context, replaces the principal with a
/// <see cref="GenericPrincipal"/> carrying the roles stored in the ticket's UserData.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    var formsCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (formsCookie == null || formsCookie.Value == "")
    {
        // No ticket presented: leave the request exactly as the pipeline built it.
        return;
    }

    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(formsCookie.Value);
        if (ticket.Expired)
        {
            return;
        }
    }
    catch (Exception ex)
    {
        // A cookie that cannot be decrypted is treated as "no roles": log and bail out.
        // NOTE(review): the broad catch also covers a null ticket (NullReferenceException on Expired).
        RootContainer.Resolve<Logger>().LogError("Error happened while trying to decrypt forms authentication ticket", ex);
        return;
    }

    if (Context.User == null)
    {
        return;
    }

    // The roles are taken from the client-held ticket, so they are only as trustworthy as the
    // ticket protection itself. NOTE(review): confirm the forms ticket is both encrypted and
    // validated in configuration. Roles are also frozen at sign-in: a revoked role stays in
    // effect until the ticket expires or a new one is issued.
    string[] roles;
    try
    {
        roles = new JavaScriptSerializer().Deserialize<PlayerData>(ticket.UserData).Roles;
    }
    catch (Exception ex)
    {
        // Fail closed: the principal is still created, but with a null role list,
        // so role checks against it return false.
        roles = null;
        RootContainer.Resolve<Logger>().LogError("Error happened while trying to deserialize user data from forms authentication ticket. Maybe ticket's version recently changed?", ex);
    }

    // NOTE(review): the identity comes from Context.User, not from the ticket; this assumes
    // both were derived from the same cookie by the forms-authentication module.
    Context.User = new GenericPrincipal(Context.User.Identity, roles);
}
public class AccountController : SomeBaseController
{
...
/// <summary>
/// Signs a player in and, on success, issues the forms-authentication cookie.
/// </summary>
/// <param name="sessionId">Session identifier supplied by the caller; it is passed to the game service and embedded in the ticket.</param>
/// <param name="name">Player name as typed by the user.</param>
/// <param name="password">Password as typed by the user.</param>
/// <returns>
/// JSON with <c>success = true</c> after the cookie has been added, or
/// <c>success = false</c> plus a message when the service returns no player.
/// </returns>
[HttpPost]
public JsonResult SignIn(Guid sessionId, string name, string password)
{
    // NOTE(review): sessionId is client-supplied; confirm SignInOrNull validates it
    // before it ends up inside the authentication ticket.
    var authenticatedPlayer = _gameService.SignInOrNull(sessionId, name, password);
    if (authenticatedPlayer != null)
    {
        _webserverContext.AddCookie(CreateCookie(authenticatedPlayer, sessionId));
        return JsonResult(new { success = true });
    }

    // One message for every failure, so the response does not reveal whether the name exists.
    // NOTE(review): no attempt throttling or lockout is visible in this action; verify it is
    // enforced in the game service or elsewhere.
    return JsonResult(new { success = false, message = "wrong username or password" });
}
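/// <summary>
/// Builds the forms-authentication cookie for a signed-in player.
/// The player's id, name, session id and roles are serialized to JSON and carried
/// in the ticket's UserData; the ticket is then encrypted and placed in the cookie.
/// </summary>
/// <param name="player">The signed-in player; its Id becomes the ticket name.</param>
/// <param name="sessionId">Session identifier stored alongside the player data.</param>
/// <param name="rememberMe">When true the ticket is marked persistent and the cookie is given an expiry date.</param>
/// <param name="roles">Roles to embed in the ticket; defaults to a single "player" role.</param>
/// <returns>The cookie to add to the response.</returns>
static HttpCookie CreateCookie(User player, Guid sessionId, bool rememberMe = false, string[] roles = null)
{
    if (roles == null)
    {
        roles = new[] { "player" };
    }

    var playerData = new PlayerData
    {
        PlayerId = player.Id,
        SessionId = sessionId,
        PlayerName = player.Username,
        Roles = roles
    };
    var playerDataJson = new JavaScriptSerializer().Serialize(playerData);

    var issuedAt = DateTime.UtcNow;
    var ticket = new FormsAuthenticationTicket(
        1 /*version*/,
        player.Id.ToString(),
        issuedAt /*issue date*/,
        issuedAt.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
        rememberMe,
        playerDataJson);
    var encryptedTicket = FormsAuthentication.Encrypt(ticket);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        // Keep the ticket out of reach of page script, so a script-injection bug
        // cannot read the session credential.
        HttpOnly = true,
        // Follow the configured forms-authentication setting instead of hard-coding false.
        // Production deployments should enable requireSSL on the forms element so the
        // cookie is never sent over plain HTTP.
        Secure = FormsAuthentication.RequireSSL
    };

    // A persistent ticket needs an expiry on the cookie itself; without one the browser
    // treats it as a session cookie and rememberMe has no visible effect.
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }

    return cookie;
}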
}