public ActionResult Register(Users u)
{
if (ModelState.IsValid)
{
using (UsersEntities dc = new UsersEntities())
{
//you should check duplicate registration here
dc.Users.Add(u);
dc.SaveChanges();
ModelState.Clear();
System.Web.Security.FormsAuthentication.SetAuthCookie(u.Name, false);
u = null;
}
}
return RedirectToAction("Index", "Home");
}
public ActionResult Login(Users u, string returnUrl)
{
if (ModelState.IsValid)
{
using (UsersEntities entities = new UsersEntities())
{
string username = u.Name;
string password = u.Password;
// Now if our password was enctypted or hashed we would have done the
// same operation on the user entered password here, But for now
// since the password is in plain text lets just authenticate directly
bool userValid = entities.Users.Any(user => user.Name == username && user.Password == password);
// User found in the database
if (userValid)
{
System.Web.Security.FormsAuthentication.SetAuthCookie(username, false);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
}
// If we got this far, something failed, redisplay form
return View(u);
}