private string[] LookupRolesForUser(string name)
{
var repo = new AccountRepository(); // In the real world, you would probably use service locator pattern and call DependencyResolver here
var user = repo.FindByName(name);
if (user != null)
{
return user.Roles;
}
return new string[0]; // Alternatively throw an exception
}
public ActionResult Login(string userName, string password, string returnUrl)
{
var repo = new AccountRepository();
var user = repo.FindByName(userName);
if (user != null && user.ValidatePassword(password))
{
FormsAuthentication.SetAuthCookie(userName, false);
if (returnUrl != null && Url.IsLocalUrl(returnUrl))
return Redirect(returnUrl);
else
return RedirectToAction("Index");
}
ModelState.AddModelError("", "Invalid user name or password");
return View();
}