Exemplo n.º 1
        /// <summary>
        /// Validates the submitted login form and, when it is valid, attempts to sign the user in.
        /// </summary>
        /// <param name="loginForm">The submitted form; its Email, Password and RememberMe values are passed to the login call.</param>
        /// <returns>
        /// A success response carrying a redirect path when the login succeeds; an invalid
        /// response when form validation fails or the login call returns false; an error
        /// response when anything inside the login attempt throws.
        /// </returns>
        // NOTE(review): anti-forgery validation is commented out on this login action. Nothing
        // visible here ties the request to a form this site served, which leaves the endpoint
        // open to login CSRF unless an equivalent check (global filter, header token, origin
        // check) runs elsewhere. Confirm before shipping.
        //[ValidateAntiForgeryToken]
        public HttpResponseMessage Login(LoginForm loginForm)
        {
            var validation = loginForm.Validate();

            // Guard clause: input that fails validation never reaches the authentication call.
            if (!validation.IsValid)
            {
                return CreateInvalidResponse(validation);
            }

            try
            {
                // NOTE(review): no throttling or lockout is visible in this action; presumably it is
                // handled inside AuthenticationSecurity.Login or upstream. Confirm.
                var authenticated = AuthenticationSecurity.Login(loginForm.Email, loginForm.Password, loginForm.RememberMe);

                if (!authenticated)
                {
                    // Every rejected login is reported as an invalid-password validation failure,
                    // so this action does not itself distinguish between failure reasons.
                    return CreateInvalidResponse(loginForm.AsInvalidPassword());
                }

                // The redirect target is a fixed server-side constant, never taken from the request.
                // Per the original author, the client performs the redirect and the server resolves
                // the account's real landing path once the session is updated.
                const string redirectPath = "/c/#/path-to-somewhere/";

                return CreateSuccessResponse(new { success = true, results = redirectPath });
            }
            catch (Exception ex)
            {
                // Sign out on any failure so a partially completed login does not leave a session behind.
                AuthenticationSecurity.Logout();

                // NOTE(review): the raw exception is handed to the response builder. Confirm that
                // CreateErrorResponse does not return the exception message or stack trace to the client.
                return CreateErrorResponse(ex);
            }
        }