public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { //if (Membership.ValidateUser(model.UserName, model.Password)) // do your app-specific authentication here... if (model.UserName == "bob" && model.Password == "password") { FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "The user name or password provided is incorrect."); } } // If we got this far, something failed, redisplay form return View(model); }
public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { // for the purposes of this example, thisIsPersistent is always true. // but without including the line cookie.Expires = DateTime.Now.AddYears(1); // the auth ticket is not persisted bool thisIsPersistent = true; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, model.UserName, DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes), thisIsPersistent, model.UserName, FormsAuthentication.FormsCookiePath); string encryptedTicket = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); cookie.Path = FormsAuthentication.FormsCookiePath; //if (thisIsPersistent) // cookie.Expires = DateTime.Now.AddYears(1); System.Web.HttpContext.Current.Response.Cookies.Add(cookie); if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } } // If we got this far, something failed, redisplay form return View(model); }