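/// <summary>
/// Handles a login submission: looks up the submitted username, compares the
/// transformed password with the stored one, and on success stores a trimmed
/// <see cref="UserDTO"/> (no password) in session before redirecting to the dashboard.
/// </summary>
/// <param name="UserLogin">Model-bound credentials; only USERNAME and PASSWORD are used.</param>
/// <returns>
/// A redirect to <c>~/dashboard</c> on success, to <c>~/auth/login</c> (with a TempData
/// message) on failure, or to <c>~/auth/error</c> if anything throws.
/// </returns>
// NOTE(review): attributes on this action are outside this view — confirm it is
// restricted to POST and carries the anti-forgery validation attribute.
public ActionResult Login(UserDTO UserLogin = null)
{
    try
    {
        // The shared UserDTO carries registration-only validation; for login only
        // USERNAME and PASSWORD matter, so drop the other fields' model errors.
        ModelState.Remove("FULL_NAME");
        ModelState.Remove("CONFIRM_PASSWORD");
        ModelState.Remove("ROLE_ID");
        ModelState.Remove("ROLE_NAME");
        ModelState.Remove("USER_ID");

        // Guard clause replaces the original nested checks (ModelState was tested twice).
        if (!ModelState.IsValid || UserLogin == null)
        {
            return Redirect("~/auth/login");
        }

        using (DBEntities db = new DBEntities())
        {
            TB_USER user = db.TB_USER.FirstOrDefault(u => u.USERNAME == UserLogin.USERNAME);

            // Transform the submitted password exactly once (the original called Encrypt
            // twice and left one result in an unused local) and do it whether or not the
            // username exists, so the two failure paths take comparable time.
            // NOTE(review): the original comment called this "sha256", but whether
            // CryptographyUtils.Encrypt is a salted password hash or a reversible cipher
            // is not visible here; an unsalted digest or a cipher is not adequate for
            // password storage, and string != is not a constant-time comparison.
            string submittedPassword = CryptographyUtils.Encrypt(UserLogin.PASSWORD);

            if (user == null || user.PASSWORD != submittedPassword)
            {
                // One message for "unknown user" and "wrong password" so the response
                // does not reveal which usernames exist. Indexer instead of Add: Add
                // throws if the key is already present in TempData.
                TempData["message"] = "Invalid username or password";
                TempData["type"] = "warning";
                return Redirect("~/auth/login");
            }

            // Session holds a copy without the password field.
            // NOTE(review): the session id is not regenerated here; by default ASP.NET
            // keeps the pre-authentication session id, so consider issuing a fresh one
            // on successful login.
            UserDTO userDTO = new UserDTO
            {
                ROLE_ID = user.ROLE_ID,
                USER_ID = user.USER_ID,
                USERNAME = user.USERNAME,
                EMAIL = user.EMAIL,
                FULL_NAME = user.FULL_NAME
            };
            Session.Add("UserLogin", userDTO);
            return Redirect("~/dashboard");
        }
    }
    catch (Exception)
    {
        // Preserved from the original: any failure (DB, Encrypt, binding) lands on the
        // error page. The cause is not recorded here, so diagnosing failures relies on
        // whatever the application logs elsewhere.
        return Redirect("~/auth/error");
    }
}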