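/// <summary>
/// Handles the posted login form: validates the credentials through
/// <c>Membership</c>, requires the account to map to an administrator id,
/// and issues the forms-authentication cookie on success.
/// </summary>
/// <returns>
/// A redirect to "Home" on success; otherwise a redirect to "Login" with
/// <c>TempData["error"]</c> set to the message to display.
/// </returns>
public ActionResult LoginAction()
{
    // Field names are derived from resource strings. ToLower() is culture-sensitive;
    // NOTE(review): confirm how the view builds these names before switching to ToLowerInvariant().
    var usernameValues = Request.Form.GetValues(CommonResources.User_Username.ToLower());
    var passwordValues = Request.Form.GetValues(CommonResources.User_Password.ToLower());
    if (usernameValues == null || passwordValues == null)
    {
        TempData["error"] = "System error. Please try again later";
        return RedirectToAction("Login");
    }

    var username = usernameValues[0];
    var password = passwordValues[0];

    var user = Membership.GetUser(username);
    if (user != null && user.IsLockedOut)
    {
        // NOTE(review): this answer is given before the password is checked, so it
        // confirms to any caller that the account exists and is locked. Consider
        // returning the generic invalid-credentials message here instead.
        TempData["error"] = "User account is locked-out";
        LogManager.Log("Login failed due to account lock-out", LogType.info, (Guid)user.ProviderUserKey);
        return RedirectToAction("Login");
    }

    if (!Membership.ValidateUser(username, password))
    {
        TempData["error"] = "Invalid Username or Password";

        // Re-read the user: 'user' was fetched before validation, and this failed
        // attempt has presumably been the one that tripped the lock-out.
        var failedUser = Membership.GetUser(username);
        if (failedUser != null)
        {
            if (failedUser.IsLockedOut)
            {
                TempData["error"] = "User account has been locked-out";
                LogManager.Log("User account has been locked-out", LogType.info, (Guid)failedUser.ProviderUserKey);
            }
            else
            {
                // Record every failed attempt against a known account so repeated
                // guessing is visible before the lock-out threshold is reached.
                // The account key is logged rather than the submitted username,
                // which is attacker-controlled text (and sometimes a mistyped password).
                LogManager.Log("Login failed due to invalid username or password", LogType.error, (Guid)failedUser.ProviderUserKey);
            }
        }

        return RedirectToAction("Login");
    }

    // Validation succeeded but the earlier lookup found no user: fail closed
    // instead of dereferencing null below.
    if (user == null)
    {
        TempData["error"] = "System error. Please try again later";
        return RedirectToAction("Login");
    }

    var userKey = (Guid)user.ProviderUserKey;

    Guid adminId = userQuery.GetAdministratorId(userKey);
    if (adminId == Guid.Empty)
    {
        // Valid credentials, but the account is not linked to an administrator id.
        TempData["error"] = "You do not have permission.";
        LogManager.Log("Login failed due to permission constraint", LogType.error, userKey);
        return RedirectToAction("Login");
    }

    // NOTE(review): Setting.AdministratorId looks like shared state rather than
    // per-session state. If it is process-wide, concurrent logins overwrite each
    // other's administrator id. Confirm where Setting stores this value.
    Setting.AdministratorId = adminId;

    // The second argument requests a persistent cookie, so the session survives
    // browser restarts. NOTE(review): confirm that is intended for an administrator login.
    FormsAuthentication.SetAuthCookie(username, true);

    // Message text kept verbatim; log consumers may match on it.
    LogManager.Log("Successful loged-in", LogType.info, userKey);
    return RedirectToAction("Home");
}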