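/// <summary>
        /// Checks the supplied credentials against the <c>clients</c> table.
        /// </summary>
        /// <param name="credentials">Email and password to verify.</param>
        /// <returns>
        /// <c>true</c> when at least one row matches both values; <c>false</c> when nothing
        /// matches, when a value is missing, or when the database reports an error.
        /// </returns>
        private bool LoginUser(Credentials credentials)
        {
            // A missing value can never authenticate, so reject it before touching the
            // database instead of handing a null parameter value to the driver.
            if (credentials == null
                || string.IsNullOrEmpty(credentials.Email)
                || string.IsNullOrEmpty(credentials.Password))
            {
                return false;
            }

            string connectionString = ConfigurationManager.AppSettings["ConnectionString"];

            // NOTE(review): the submitted password is compared with the stored column as-is,
            // so the column appears to hold the password itself. Store a salted, slow
            // password hash and verify against that instead - confirm against the schema.
            const string sql = @"SELECT COUNT(*) FROM clients WHERE email=@email AND password=@password";

            // using-blocks dispose the command as well as the connection on every exit path.
            using (NpgsqlConnection conn = new NpgsqlConnection(connectionString))
            using (NpgsqlCommand command = new NpgsqlCommand(sql, conn))
            {
                // Values travel as bound parameters, never as part of the SQL text.
                command.Parameters.Add("@email", NpgsqlDbType.Varchar, 100).Value = credentials.Email;
                command.Parameters.Add("@password", NpgsqlDbType.Varchar, 100).Value = credentials.Password;

                try
                {
                    conn.Open();

                    return Convert.ToInt32(command.ExecuteScalar()) > 0;
                }
                catch (NpgsqlException ex)
                {
                    // Fail closed, but leave a trace: a database outage must not look like
                    // a run of wrong passwords. Credentials are deliberately not logged.
                    System.Diagnostics.Trace.TraceError("LoginUser: credential lookup failed: {0}", ex.Message);
                    return false;
                }
            }
        }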
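        /// <summary>
        /// Authorizes the request when a <see cref="User"/> is already in session, or when the
        /// forms-authentication cookie yields credentials that <c>LoginUser</c> accepts.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns><c>true</c> when a user is associated with the request; otherwise <c>false</c>.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Read and write the session through the same context object and the same key;
            // the original read SessionVars.User but stored the restored user under "user".
            User user = httpContext.Session[SessionVars.User] as User;
            HttpCookie cookie = httpContext.Request.Cookies.Get(FormsAuthentication.FormsCookieName);

            #region Persistent Login

            if (user == null && cookie != null && !string.IsNullOrEmpty(cookie.Value))
            {
                Credentials credentials = ReadTicketCredentials(cookie.Value);

                if (credentials != null && this.LoginUser(credentials))
                {
                    // NOTE(review): this keeps the password in session state; if nothing
                    // downstream needs it, store only the identity.
                    user = new User() { Email = credentials.Email, Password = credentials.Password };

                    httpContext.Session[SessionVars.User] = user;
                }
            }

            #endregion

            return user != null;
        }

        // Decrypts the forms-authentication cookie and extracts the credential pair from its
        // UserData; returns null when the cookie is invalid, expired or malformed.
        private static Credentials ReadTicketCredentials(string cookieValue)
        {
            FormsAuthenticationTicket ticket;

            // The cookie value is client-supplied: a tampered or stale value must end in
            // "not authenticated", not in an unhandled exception.
            try
            {
                ticket = FormsAuthentication.Decrypt(cookieValue);
            }
            catch (System.ArgumentException)
            {
                return null;
            }
            catch (HttpException)
            {
                return null;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                return null;
            }

            // Decrypt is called by hand here, so ticket expiry has to be enforced by hand too.
            if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
            {
                return null;
            }

            // Assumes UserData is "email password" - TODO confirm against the code that
            // issues the ticket. Splitting once keeps a password that contains spaces whole.
            // NOTE(review): a ticket carrying the account password hands that password to
            // anyone able to decrypt the cookie; prefer a ticket that only names the user.
            string[] parts = ticket.UserData.Split(new[] { ' ' }, 2);
            if (parts.Length != 2)
            {
                return null;
            }

            return new Credentials() { Email = parts[0], Password = parts[1] };
        }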
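        /// <summary>
        /// Inserts a new row into the <c>clients</c> table for the supplied credentials.
        /// </summary>
        /// <param name="credentials">Email and password of the account to create.</param>
        /// <returns>
        /// <c>true</c> when the insert affected at least one row; <c>false</c> when a value is
        /// missing, no row was written, or the database reports an error.
        /// </returns>
        private bool RegisterUser(Credentials credentials)
        {
            // Refuse to create an account without an email or without a password.
            if (credentials == null
                || string.IsNullOrEmpty(credentials.Email)
                || string.IsNullOrEmpty(credentials.Password))
            {
                return false;
            }

            string connectionString = ConfigurationManager.AppSettings["ConnectionString"];

            // NOTE(review): the password is written to the table exactly as received.
            // Derive a salted, slow password hash here and store that instead; the login
            // query then has to verify against the hash.
            const string sql = @"INSERT INTO clients (email, password ) VALUES ( @email, @password)";

            // using-blocks dispose the command as well as the connection on every exit path.
            using (NpgsqlConnection conn = new NpgsqlConnection(connectionString))
            using (NpgsqlCommand command = new NpgsqlCommand(sql, conn))
            {
                // Values travel as bound parameters, never as part of the SQL text.
                command.Parameters.Add("@email", NpgsqlDbType.Varchar, 100).Value = credentials.Email;
                command.Parameters.Add("@password", NpgsqlDbType.Varchar, 100).Value = credentials.Password;

                try
                {
                    conn.Open();

                    // ExecuteNonQuery returns the number of affected rows; the original
                    // "!= -1" test also reported success when nothing was inserted.
                    return command.ExecuteNonQuery() > 0;
                }
                catch (NpgsqlException ex)
                {
                    // Report failure to the caller, but leave a trace for operators.
                    // Credentials are deliberately not logged.
                    System.Diagnostics.Trace.TraceError("RegisterUser: insert failed: {0}", ex.Message);
                    return false;
                }
            }
        }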
        /// <summary>
        /// Builds a <see cref="Credentials"/> instance from the raw request body, which is
        /// parsed as a URL-encoded query string.
        /// </summary>
        /// <param name="controllerContext">Supplies the current request.</param>
        /// <param name="bindingContext">Not used by this binder.</param>
        /// <returns>
        /// The bound credentials; <c>Email</c> or <c>Password</c> is <c>null</c> when the
        /// corresponding field is absent from the body.
        /// </returns>
        public override object BindForModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
        {
            // The reader is not disposed: disposing it would also close the request's input stream.
            StreamReader bodyReader = new StreamReader(controllerContext.HttpContext.Request.InputStream);
            string body = bodyReader.ReadToEnd();

            // The values are client-controlled and are passed on without validation or
            // length checks; callers are responsible for both.
            var fields = HttpUtility.ParseQueryString(body);

            return new Credentials()
            {
                Email = fields["email"],
                Password = fields["password"]
            };
        }
        /// <summary>
        /// Registers the posted credentials and reports the outcome as JSON.
        /// </summary>
        /// <param name="credentials">Credentials bound from the request.</param>
        /// <returns>
        /// A <c>WebResult</c> whose <c>GreatSuccess</c> flag mirrors the result of
        /// <c>RegisterUser</c>.
        /// </returns>
        public ActionResult IndexPost(Credentials credentials)
        {
            // The HTTP status is 200 either way; the outcome is carried only in the payload.
            Response.StatusCode = (int)HttpStatusCode.OK;
            Response.ContentType = "application/json";

            bool registered = this.RegisterUser(credentials);

            return new WebResult(new ResultInfo() { GreatSuccess = registered });
        }
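        /// <summary>
        /// Looks up the client row matching the supplied credentials and, when exactly one
        /// row matches, passes it to <c>CreateAuthenticationTicket</c>.
        /// </summary>
        /// <param name="credentials">Email and password to verify.</param>
        /// <returns>
        /// <c>true</c> when exactly one row matched; <c>false</c> when a value is missing,
        /// when zero or several rows matched, or when the database reports an error.
        /// </returns>
        private bool LoginUser(Credentials credentials)
        {
            // A missing value can never authenticate, so reject it before touching the
            // database instead of handing a null parameter value to the driver.
            if (credentials == null
                || string.IsNullOrEmpty(credentials.Email)
                || string.IsNullOrEmpty(credentials.Password))
            {
                return false;
            }

            string connectionString = ConfigurationManager.AppSettings["ConnectionString"];

            // NOTE(review): the submitted password is compared with the stored column as-is,
            // so the column appears to hold the password itself. Store a salted, slow
            // password hash and verify against that instead - confirm against the schema.
            const string sql = "SELECT \"internalId\", email, password  FROM clients WHERE email=@email AND password=@password";

            // using-blocks dispose the command and the reader as well as the connection.
            using (NpgsqlConnection conn = new NpgsqlConnection(connectionString))
            using (NpgsqlCommand command = new NpgsqlCommand(sql, conn))
            {
                // Values travel as bound parameters, never as part of the SQL text.
                command.Parameters.Add("@email", NpgsqlDbType.Varchar, 100).Value = credentials.Email;
                command.Parameters.Add("@password", NpgsqlDbType.Varchar, 100).Value = credentials.Password;

                try
                {
                    conn.Open();

                    List<User> users = new List<User>();

                    using (NpgsqlDataReader reader = command.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            // NOTE(review): the stored password is copied into the User
                            // object handed on below; what happens to it afterwards is not
                            // visible here. Keep it out of tickets, session and responses.
                            users.Add(new User()
                            {
                                InternalId = reader.GetInt32(reader.GetOrdinal("internalId")),
                                Email = reader.GetString(reader.GetOrdinal("email")),
                                Password = reader.GetString(reader.GetOrdinal("password")),
                            });
                        }
                    }

                    // Only an unambiguous match authenticates; duplicates are treated as failure.
                    if (users.Count != 1)
                    {
                        return false;
                    }

                    this.CreateAuthenticationTicket(users[0]);
                    return true;
                }
                catch (NpgsqlException ex)
                {
                    // Fail closed, but leave a trace: a database outage must not look like
                    // a run of wrong passwords. Credentials are deliberately not logged.
                    System.Diagnostics.Trace.TraceError("LoginUser: credential lookup failed: {0}", ex.Message);
                    return false;
                }
            }
        }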
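        /// <summary>
        /// Logs the user in and, on success, writes the session's <see cref="User"/> to the
        /// response as JSON.
        /// </summary>
        /// <param name="credentials">Credentials bound from the request.</param>
        /// <returns>
        /// An <c>EmptyResult</c> after the user has been written to the response; otherwise a
        /// <c>WebResult</c> whose <c>GreatSuccess</c> flag is <c>false</c>.
        /// </returns>
        public ActionResult IndexPost(Credentials credentials)
        {
            // Output
            Response.ContentType = "application/json";
            Response.StatusCode = (int)HttpStatusCode.OK;

            if (this.LoginUser(credentials))
            {
                User user = Session[SessionVars.User] as User;

                // Without a User in session there is nothing valid to return; report failure
                // rather than serializing null as if the login had succeeded.
                if (user != null)
                {
                    // NOTE(review): User exposes a Password property; unless its data
                    // contract excludes that member, the password is written to the
                    // response here - confirm, and exclude it from the serialized form.
                    DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(User));
                    serializer.WriteObject(Response.OutputStream, user);

                    return new EmptyResult();
                }
            }

            return new WebResult(new ResultInfo() { GreatSuccess = false });
        }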