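/// <summary>
/// Checks the submitted credentials against an account that is joined to an active
/// employee record, issues a forms-authentication cookie on success, and redirects
/// either to a local <paramref name="returnUrl"/> or to the landing page for the role.
/// </summary>
/// <param name="model">Bound login form; only Username and Password are read.</param>
/// <param name="returnUrl">Optional post-login target. Followed only when it is a local, single-slash path.</param>
/// <returns>
/// A redirect on success; otherwise the login view, with a model error when the
/// credentials did not match an active employee.
/// </returns>
public ActionResult Login(Account model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    string username = model.Username;
    string password = model.Password;

    using (HotelDatabase2018Entities1 entities = new HotelDatabase2018Entities1())
    {
        // NOTE(review): the submitted password is compared directly with Accounts.Password,
        // which implies the column holds the password itself rather than a salted, slow hash
        // (PBKDF2 or similar) -- confirm and migrate. Because the comparison runs in the
        // database it also follows the column collation, so it may be case-insensitive.
        //
        // One query returns the role of the *active* employee row that satisfied the join.
        // The previous code re-queried Employees by AccountID without the Status filter, so
        // the role could come from a different (inactive) row, at the cost of a second round trip.
        var match = (from acc in entities.Accounts
                     join emp in entities.Employees on acc.AccountID equals emp.AccountID
                     where acc.Username == username
                     where acc.Password == password
                     where emp.Status == "Active"
                     select new { emp.RoleID }).FirstOrDefault();

        if (match == null)
        {
            // Same message for unknown user, wrong password and inactive employee,
            // so the response does not reveal which check failed.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        FormsAuthentication.SetAuthCookie(username, false);

        // Open-redirect guard: besides IsLocalUrl, reject "//host" and "/\host", which
        // browsers treat as protocol-relative URLs. A null returnUrl fails IsLocalUrl first.
        if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
        {
            return Redirect(returnUrl);
        }

        switch (match.RoleID)
        {
            case 1:
                return RedirectToAction("Index", "Administrator");
            case 2:
                return RedirectToAction("Index", "Manager");
            case 3:
                return RedirectToAction("Index", "Reception");
        }

        // NOTE(review): a null or unmapped RoleID falls through to the login view below even
        // though the auth cookie has already been issued -- decide whether such accounts
        // should be signed in at all.
    }

    return View(model);
}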
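/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie so that it carries
/// the employee's role names, read from Roles.Description and split on ';'.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Whenever the ticket or the role lookup is unusable, the method returns without touching
/// HttpContext.Current.User, so the request keeps whatever principal it already had.
/// </remarks>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        return;
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    try
    {
        var ticket = FormsAuthentication.Decrypt(authCookie.Value);

        // Decrypt() validates and decrypts the ticket but does not reject an expired one.
        // Without this check an expired cookie would still be turned into a role-bearing principal.
        if (ticket == null || ticket.Expired)
        {
            return;
        }

        string username = ticket.Name;
        string roles;

        using (HotelDatabase2018Entities1 entities = new HotelDatabase2018Entities1())
        {
            // SingleOrDefault throws if two accounts share a user name; that lands in the catch below.
            Account user = entities.Accounts.SingleOrDefault(u => u.Username == username);
            if (user == null)
            {
                // Account removed or renamed since the ticket was issued.
                return;
            }

            int accountId = user.AccountID;

            // NOTE(review): Login only admits employees whose Status is "Active", but the status
            // is not re-checked here, so a deactivated employee keeps the role until the ticket
            // expires. Consider filtering on Status and signing the user out when it no longer matches.
            var employee = (from u in entities.Employees where u.AccountID == accountId select u).FirstOrDefault();
            if (employee == null)
            {
                return;
            }

            int? roleid = employee.RoleID;
            var role = (from r in entities.Roles where r.RoleID == roleid select r).FirstOrDefault();
            if (role == null || role.Description == null)
            {
                return;
            }

            roles = role.Description;
        }

        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
            new System.Security.Principal.GenericIdentity(username, "Forms"),
            roles.Split(';'));
    }
    catch (Exception ex)
    {
        // Best effort: a bad cookie or a database failure must not break the request, but it
        // should leave a trace. Only the exception type is recorded, never the cookie contents.
        System.Diagnostics.Trace.TraceWarning(
            "Application_PostAuthenticateRequest: role lookup failed ({0})",
            ex.GetType().FullName);
    }
}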