ChrisMcKee · March 20, 2013 23:45
diff --git a/BoxedAuthenticationModule.cs b/BoxedAuthenticationModule.cs
 namespace xxx.Web.Auth
 {
  using System;
  using System.Web;
 	using xxx.Domain.Entities;

 	static class ContextExtension
 	{
 		public static bool IsValidForInterrogation(this HttpContext context)
 		{
 			return context.Request.RequestContext.RouteData != null
 				   && context.Request.RequestContext.RouteData.Values != null
 				   && context.Request.RequestContext.RouteData.Values.ContainsKey("controller");
 		}

 		public static bool IsMvcRequest(this HttpContext context)
 		{
 			return context.Request.RequestContext.RouteData != null &&
 			       context.Request.RequestContext.RouteData.RouteHandler != null;
 		}
 	}
 		
 	internal class AuthenticationModule : IHttpModule
 	{
 		public void Init(HttpApplication context)
 		{
 			context.PostAcquireRequestState += ContextOnPostAcquireRequestState;
 		}
 		
 		

 		private void ContextOnPostAcquireRequestState(object sender, EventArgs eventArgs)
 		{
 			HttpApplication application = (HttpApplication)sender;
 			HttpContext context = application.Context;

 			if ((context != null && context.Request.IsAuthenticated))
 			{
 				var isBoxedController = context.IsValidForInterrogation() && context.Request.RequestContext.RouteData.Values["controller"].Equals("SpecialControllerForSpecialPeople");

 				if (!isBoxedController && context.IsMvcRequest())
 				{
 					var auth = context.User.Identity;

 					if (auth.CurrentRole().HasValue && auth.CurrentRole().GetValueOrDefault() == RoleType.UnactivatedAccount)
 					{
 						if (context.Response.Cookies["SPECIALCOOKIE"] != null)
 						{
 							context.Response.Cookies["SPECIALCOOKIE"].Expires = DateTime.MinValue;
 						}
 						System.Web.Security.FormsAuthentication.SignOut();
 						context.Session.Abandon();
 					}
 				}
 			}
 		}

 		public void Dispose()
 		{
 		}

 	}
 }
diff --git a/web.config b/web.config
 You'd need to add this module to your httpmodules and again in the httpmodules within the IIS7 config section.
	namespace xxx.Web.Auth
	{
	using System;
	using System.Web;
	using xxx.Domain.Entities;

	static class ContextExtension
	{
	public static bool IsValidForInterrogation(this HttpContext context)
	{
	return context.Request.RequestContext.RouteData != null
	&& context.Request.RequestContext.RouteData.Values != null
	&& context.Request.RequestContext.RouteData.Values.ContainsKey("controller");
	}

	public static bool IsMvcRequest(this HttpContext context)
	{
	return context.Request.RequestContext.RouteData != null &&
	context.Request.RequestContext.RouteData.RouteHandler != null;
	}
	}

	internal class AuthenticationModule : IHttpModule
	{
	public void Init(HttpApplication context)
	{
	context.PostAcquireRequestState += ContextOnPostAcquireRequestState;
	}



	private void ContextOnPostAcquireRequestState(object sender, EventArgs eventArgs)
	{
	HttpApplication application = (HttpApplication)sender;
	HttpContext context = application.Context;

	if ((context != null && context.Request.IsAuthenticated))
	{
	var isBoxedController = context.IsValidForInterrogation() && context.Request.RequestContext.RouteData.Values["controller"].Equals("SpecialControllerForSpecialPeople");

	if (!isBoxedController && context.IsMvcRequest())
	{
	var auth = context.User.Identity;

	if (auth.CurrentRole().HasValue && auth.CurrentRole().GetValueOrDefault() == RoleType.UnactivatedAccount)
	{
	if (context.Response.Cookies["SPECIALCOOKIE"] != null)
	{
	context.Response.Cookies["SPECIALCOOKIE"].Expires = DateTime.MinValue;
	}
	System.Web.Security.FormsAuthentication.SignOut();
	context.Session.Abandon();
	}
	}
	}
	}

	public void Dispose()
	{
	}

	}
	}