public ActionResult Logout()
{
UserSessionContext us = new UserSessionContext(HttpContext);
us.RemoveUserId();
return RedirectToAction("Login", "Account");
}
void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
{
UserSessionContext us = new UserSessionContext(filterContext.HttpContext);
int userId = us.GetUserId();
var query = from u in db.Users
where u.Id == userId && u.Role == userRole
select u;
var user = query.FirstOrDefault();
if (user == null)
{
RouteValueDictionary redirectTargetDictionary = new RouteValueDictionary();
redirectTargetDictionary.Add("action", "Login");
redirectTargetDictionary.Add("controller", "Account");
filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
}
else
{
filterContext.HttpContext.Items.Add("User", user);
}
this.OnActionExecuting(filterContext);
}
public ActionResult Login(LoginUserViewModel model)
{
if (!ModelState.IsValid)
{
return View(model);
}
var query = from u in db.Users
where u.Name == model.Username && u.Role == UserRole.Admin
select u;
var user = query.FirstOrDefault();
if (user == null || !PasswordHashService.ValidatePassword(model.Password, user.Password))
{
FlashMessageHelper.SetMessage(this, FlashMessageType.Warning, "Autoryzacja danych nie przebiegła pomyślnie.");
return View(model);
}
UserSessionContext us = new UserSessionContext(HttpContext);
us.SetUserId(user.Id);
return RedirectToAction("Index", "Dashboard");
}