public ActionResult LogOn(LogOnModel model, string returnUrl)
 {
     if (ModelState.IsValid)
       {
     if (MembershipService.ValidateUser(model.UserName, model.Password))
     {
       FormsService.SignIn(model.UserName, model.RememberMe);
       if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
     return Redirect(returnUrl);
       else
     return RedirectToAction("Index", "Home");
     }
     else
     {
       ModelState.AddModelError("", Resources.WebSite.Controllers.IncorrectUserOrPassword);
     }
       }
       return View(model);
 }
 public void LogOn_Post_ReturnsViewIfValidateUserFails()
 {
     AccountController controller = GetAccountController();
       LogOnModel model = new LogOnModel()
       {
     UserName = "******",
     Password = "******",
     RememberMe = false
       };
       ActionResult result = controller.LogOn(model, null);
       Assert.IsInstanceOf(typeof(ViewResult), result);
       ViewResult viewResult = (ViewResult)result;
       Assert.AreEqual(model, viewResult.ViewData.Model);
       Assert.AreEqual(Resources.WebSite.Controllers.IncorrectUserOrPassword, controller.ModelState[""].Errors[0].ErrorMessage);
 }
 public void LogOn_Post_ReturnsRedirectToHomeOnSuccess_WithExternalReturnUrl()
 {
     AccountController controller = GetAccountController();
       var httpContext = Utilities.MockControllerContext(false, false).Object;
       controller.ControllerContext = new ControllerContext(httpContext, new RouteData(), controller);
       LogOnModel model = new LogOnModel()
       {
     UserName = "******",
     Password = "******",
     RememberMe = false
       };
       ActionResult result = controller.LogOn(model, "http://malicious.example.net");
       Assert.IsInstanceOf(typeof(RedirectToRouteResult), result);
       RedirectToRouteResult redirectResult = (RedirectToRouteResult)result;
       Assert.AreEqual("Home", redirectResult.RouteValues["controller"]);
       Assert.AreEqual("Index", redirectResult.RouteValues["action"]);
       Assert.IsTrue(((MockFormsAuthenticationService)controller.FormsService).SignIn_WasCalled);
 }
 public void LogOn_Post_ReturnsViewIfModelStateIsInvalid()
 {
     AccountController controller = GetAccountController();
       LogOnModel model = new LogOnModel()
       {
     UserName = "******",
     Password = "******",
     RememberMe = false
       };
       controller.ModelState.AddModelError("", "Dummy error message.");
       ActionResult result = controller.LogOn(model, null);
       Assert.IsInstanceOf(typeof(ViewResult), result);
       ViewResult viewResult = (ViewResult)result;
       Assert.AreEqual(model, viewResult.ViewData.Model);
 }
 public void LogOn_Post_ReturnsRedirectOnSuccess_WithLocalReturnUrl()
 {
     AccountController controller = GetAccountController();
       var httpContext = Utilities.MockControllerContext(false, false).Object;
       controller.ControllerContext = new ControllerContext(httpContext, new RouteData(), controller);
       LogOnModel model = new LogOnModel()
       {
     UserName = "******",
     Password = "******",
     RememberMe = false
       };
       ActionResult result = controller.LogOn(model, "/someUrl");
       Assert.IsInstanceOf(typeof(RedirectResult), result);
       RedirectResult redirectResult = (RedirectResult)result;
       Assert.AreEqual("/someUrl", redirectResult.Url);
       Assert.IsTrue(((MockFormsAuthenticationService)controller.FormsService).SignIn_WasCalled);
 }