public ActionResult LoginAction()
{
if (Request.Form.GetValues(CommonResources.User_Username.ToLower()) == null ||
Request.Form.GetValues(CommonResources.User_Password.ToLower()) == null)
{
TempData["error"] = "System error. Please try again later";
return(RedirectToAction("Login"));
}
var username = Request.Form.GetValues(CommonResources.User_Username.ToLower())[0];
var password = Request.Form.GetValues(CommonResources.User_Password.ToLower())[0];
var user = Membership.GetUser(username);
if (user != null && user.IsLockedOut)
{
TempData["error"] = "User account is locked-out";
LogManager.Log("Login failed due to account lock-out", LogType.info, (Guid)user.ProviderUserKey);
return(RedirectToAction("Login"));
}
if (!Membership.ValidateUser(username, password))
{
TempData["error"] = "Invalid Username or Password";
//LogManager.Log("Login failed due to invalid username or password", LogType.error, username);
var failedUser = Membership.GetUser(username);
if (failedUser != null && failedUser.IsLockedOut)
{
TempData["error"] = "User account has been locked-out";
LogManager.Log("User account has been locked-out", LogType.info, (Guid)failedUser.ProviderUserKey);
}
return(RedirectToAction("Login"));
}
Guid adminId = userQuery.GetAdministratorId((Guid)user.ProviderUserKey);
if (adminId != Guid.Empty)
{
Setting.AdministratorId = adminId;
}
else
{
TempData["error"] = "You do not have permission.";
LogManager.Log("Login failed due to permission constraint", LogType.error, (Guid)user.ProviderUserKey);
return(RedirectToAction("Login"));
}
FormsAuthentication.SetAuthCookie(username, true);
LogManager.Log("Successful loged-in", LogType.info, (Guid)user.ProviderUserKey);
return(RedirectToAction("Home"));
}
