public ActionResult LoginAction()
        {
            if (Request.Form.GetValues(CommonResources.User_Username.ToLower()) == null ||
                Request.Form.GetValues(CommonResources.User_Password.ToLower()) == null)
            {
                TempData["error"] = "System error. Please try again later";
                return(RedirectToAction("Login"));
            }

            var username = Request.Form.GetValues(CommonResources.User_Username.ToLower())[0];
            var password = Request.Form.GetValues(CommonResources.User_Password.ToLower())[0];

            var user = Membership.GetUser(username);

            if (user != null && user.IsLockedOut)
            {
                TempData["error"] = "User account is locked-out";
                LogManager.Log("Login failed due to account lock-out", LogType.info, (Guid)user.ProviderUserKey);

                return(RedirectToAction("Login"));
            }

            if (!Membership.ValidateUser(username, password))
            {
                TempData["error"] = "Invalid Username or Password";
                //LogManager.Log("Login failed due to invalid username or password", LogType.error, username);

                var failedUser = Membership.GetUser(username);

                if (failedUser != null && failedUser.IsLockedOut)
                {
                    TempData["error"] = "User account has been locked-out";
                    LogManager.Log("User account has been locked-out", LogType.info, (Guid)failedUser.ProviderUserKey);
                }

                return(RedirectToAction("Login"));
            }

            Guid adminId = userQuery.GetAdministratorId((Guid)user.ProviderUserKey);

            if (adminId != Guid.Empty)
            {
                Setting.AdministratorId = adminId;
            }
            else
            {
                TempData["error"] = "You do not have permission.";
                LogManager.Log("Login failed due to permission constraint", LogType.error, (Guid)user.ProviderUserKey);
                return(RedirectToAction("Login"));
            }

            FormsAuthentication.SetAuthCookie(username, true);
            LogManager.Log("Successful loged-in", LogType.info, (Guid)user.ProviderUserKey);
            return(RedirectToAction("Home"));
        }