Beispiel #1
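        /// <summary>
        /// Handles the posted sign-in form: looks the customer up by id, compares the
        /// salted hash of the posted password with the stored one, and on success issues
        /// the forms-authentication cookie plus a "role" cookie before redirecting.
        /// </summary>
        /// <param name="customerSignIn">Posted credentials; only CustomerId and Password are bound.</param>
        /// <param name="ReturnUrl">Optional URL to return to after sign-in; followed only when it is local to this site.</param>
        /// <returns>A redirect on success, otherwise the sign-in view with model errors.</returns>
        public ActionResult SignIn([Bind(Include = "CustomerId,Password")] CustomerSignIn customerSignIn, string ReturnUrl)
        {
            using (NorthwindEntities db = new NorthwindEntities())
            {
                if (ModelState.IsValid)
                {
                    // find customer by CustomerId; Find returns null for an unknown id
                    Customer customer = db.Customers.Find(customerSignIn.CustomerId);
                    if (customer == null)
                    {
                        // Unknown id: report the same error as a wrong password instead of
                        // dereferencing null, so the response does not reveal which ids exist.
                        ModelState.AddModelError("Password", "Incorrect password");
                    }
                    else
                    {
                        // hash & salt the posted password
                        // NOTE(review): judging by its name, HashSHA1 is a single SHA-1 round.
                        // That is far too fast for password storage; migrate to a slow KDF
                        // (e.g. PBKDF2 via Rfc2898DeriveBytes) and rehash on the next successful login.
                        string postedHash = UserAccount.HashSHA1(customerSignIn.Password + customer.UserGuid);

                        // Compare posted password hash to the stored customer password hash
                        if (postedHash == customer.Password)
                        {
                            // Passwords match
                            // authenticate user (this stores the CustomerID in an encrypted cookie)
                            // normally, you would require HTTPS
                            FormsAuthentication.SetAuthCookie(customer.CustomerID.ToString(), false);

                            // send a cookie to client to indicate that this is a customer
                            // NOTE(review): this cookie is neither signed nor encrypted, so the
                            // client can set it to any value. Treat it as a display hint only and
                            // take authorization decisions from the authenticated identity.
                            HttpCookie roleCookie = new HttpCookie("role");
                            roleCookie.Value = "customer";
                            Response.Cookies.Add(roleCookie);

                            // Follow the return url only when it points back into this site.
                            // ReturnUrl comes from the request, and redirecting to it unchecked
                            // is an open redirect. IsLocalUrl is also false for null or empty.
                            if (Url.IsLocalUrl(ReturnUrl))
                            {
                                return Redirect(ReturnUrl);
                            }
                            // Redirect to Home page
                            return RedirectToAction(actionName: "Index", controllerName: "Home");
                        }

                        // Passwords do not match
                        ModelState.AddModelError("Password", "Incorrect password");
                    }
                }

                // Every failure path re-renders the form, which needs the
                // drop-down list box for company name.
                ViewBag.CustomerID = new SelectList(db.Customers.OrderBy(c => c.CompanyName),
                                                    "CustomerID", "CompanyName").ToList();
                return View();
            }
        }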
Beispiel #2
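        /// <summary>
        /// Handles the posted sign-in form: looks the customer up by id, compares the
        /// salted hash of the posted password with the stored one, and on success issues
        /// the forms-authentication cookie plus a "role" cookie ("customer" for Role 0,
        /// "vendor" for Role 1) before redirecting.
        /// </summary>
        /// <param name="customerSignIn">Posted credentials; only CustomerId and Password are bound.</param>
        /// <param name="ReturnUrl">Optional URL to return to after sign-in; followed only when it is local to this site.</param>
        /// <returns>A redirect on success, otherwise the sign-in view with model errors.</returns>
        public ActionResult SignIn([Bind(Include = "CustomerId,Password")] CustomerSignIn customerSignIn, string ReturnUrl)
        {
            if (ModelState.IsValid)
            {
                using (var db = new NorthwindEntities())
                {
                    // Find returns null for an unknown id
                    Customer customer = db.Customers.Find(customerSignIn.CustomerId);

                    if (customer == null)
                    {
                        // Unknown id: report the same error as a wrong password instead of
                        // dereferencing null, so the response does not reveal which ids exist.
                        ModelState.AddModelError("Password", "Incorrect password");
                    }
                    else
                    {
                        // NOTE(review): judging by its name, HashSHA1 is a single SHA-1 round.
                        // That is far too fast for password storage; migrate to a slow KDF
                        // (e.g. PBKDF2 via Rfc2898DeriveBytes) and rehash on the next successful login.
                        var pass = UserAccount.HashSHA1(customerSignIn.Password + customer.UserGuid);

                        if (pass == customer.Password)
                        {
                            FormsAuthentication.SetAuthCookie(customer.CustomerID.ToString(), false);

                            // NOTE(review): this cookie is neither signed nor encrypted, so the
                            // client can change "customer" to "vendor" at will. Treat it as a
                            // display hint only and authorize from customer.Role server-side.
                            HttpCookie cookie = new HttpCookie("role");

                            // Any other Role value leaves the cookie without a value.
                            if (customer.Role == 0)
                            {
                                cookie.Value = "customer";
                            }
                            else if (customer.Role == 1)
                            {
                                cookie.Value = "vendor";
                            }

                            Response.Cookies.Add(cookie);

                            // Follow the return url only when it points back into this site.
                            // ReturnUrl comes from the request, and redirecting to it unchecked
                            // is an open redirect. IsLocalUrl is also false for null or empty.
                            if (Url.IsLocalUrl(ReturnUrl))
                            {
                                return Redirect(ReturnUrl);
                            }
                            return RedirectToAction("Index", "Home");
                        }

                        ModelState.AddModelError("Password", "Incorrect password");
                    }

                    // Failed sign-in: the re-rendered form needs the company drop-down.
                    ViewBag.CustomerId = new SelectList(db.Customers.OrderBy(c => c.CompanyName), "CustomerID", "CompanyName").ToList();
                }
            }
            return View();
        }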