public ActionResult Login(LoginModel model, string returnUrl) { if (ModelState.IsValid) { try { // First assume the username was typed in. if (_webSecurity.Login(model.UserNameOrEmail, model.Password, model.RememberMe)) { if (_webSecurity.IsUserInRole(model.UserNameOrEmail, Constants.RoleAdmin)) { return(RedirectToAction("List", "Disaster")); } return(RedirectToLocal(returnUrl)); } // If login fails, assume the email was typed in instead. var user = _volunteerSvc.FindUserByEmail(model.UserNameOrEmail); if (user != null) { if (_webSecurity.Login(user.UserName, model.Password, model.RememberMe)) { if (_webSecurity.IsUserInRole(user.UserName, Constants.RoleAdmin)) { return(RedirectToAction("List", "Disaster")); } return(RedirectToLocal(returnUrl)); } } } catch (UserNotActivatedException) { ModelState.AddModelError("", "Your account has to be confirmed by the link sent in the email before you can login."); return(View(model)); } } // If we got this far, something failed, redisplay form ModelState.AddModelError("", "The username/email or password provided is incorrect."); return(View(model)); }