public JsonResult Login(Login loginUser)
{
Response.ContentType = "application/json; charset=utf-8";
if (!ModelState.IsValid)
{
Response.StatusCode = 400;
return(Json(new { message = "Bad request, please check your input and try again." }, JsonRequestBehavior.AllowGet));
}
using (CauseDBContext db = new CauseDBContext())
{
var matchedUsers = db.Members.FirstOrDefault(a => a.Email.Equals(loginUser.Email));
if (matchedUsers != null && Crypto.VerifyHashedPassword(matchedUsers.Password, loginUser.Password))
{
Session["UserID"] = matchedUsers.ID.ToString();
Session["UserName"] = matchedUsers.Name.ToString();
// don't worry, this isn't actually used for any authorisation logic, just whether to display the admin menu link - the actual route is secured
if (matchedUsers.Role == Role.Admin)
{
Session["admin"] = true;
}
Response.StatusCode = 200;
return(Json(new { message = "Login complete, welcome back." }, JsonRequestBehavior.AllowGet));
}
else
{
Response.StatusCode = 403;
return(Json(new { message = "The username/password was incorrect. Please try again." }, JsonRequestBehavior.AllowGet));
}
}
}