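/// <summary>
/// Handles the login form post: validates the supplied credentials, issues the
/// forms-authentication cookie and redirects the user back to the page they came
/// from or to the auctions list.
/// </summary>
/// <param name="model">Bound login form (username, password, remember-me flag).</param>
/// <returns>
/// A redirect on success; otherwise the "Login" view, with <c>ViewBag.ErrorMessage</c>
/// set when the credentials were rejected.
/// </returns>
// NOTE(review): the action's attributes are outside this view — confirm it is
// restricted with [HttpPost] and protected by [ValidateAntiForgeryToken].
public ActionResult Index(LoginUserModel model)
{
    try
    {
        if (!ModelState.IsValid || model is null)
        {
            logger.Info("Invalid model state.");
            return View("Login");
        }

        if (!_accountBl.CheckCredentials(model.Username, model.Password))
        {
            logger.Info("Invalid credentials for user " + model.Username);
            ViewBag.ErrorMessage = "Invalid credentials.";
            return View("Login");
        }

        logger.Info("Valid credentials, logging in.");
        var sessionModel = _accountBl.CreateSessionModel(model);
        HttpContext.User = new UserPrincipal(sessionModel);

        // A single forms-auth cookie is written. The previous version also called
        // FormsAuthentication.SetAuthCookie, which emitted a second Set-Cookie header
        // with the same name that this hand-built cookie immediately shadowed.
        // The ticket carries the role in UserData.
        var issued = DateTime.Now;
        var authTicket = new FormsAuthenticationTicket(
            1,
            sessionModel.Username,
            issued,
            issued.AddMinutes(60),
            model.RememberMe,
            sessionModel.Role);
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
        var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
        {
            // A raw HttpCookie does not get the hardening SetAuthCookie applies, so set
            // it explicitly: no script access, HTTPS-only when the site requires SSL,
            // and the configured forms cookie path.
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath,
        };
        if (model.RememberMe)
        {
            // Persistent ticket: without an Expires the browser drops the cookie at
            // session end and "remember me" has no effect.
            authCookie.Expires = authTicket.Expiration;
        }
        HttpContext.Response.Cookies.Add(authCookie);

        // Only follow the stored return URL when it points back into this site;
        // redirecting to an arbitrary TempData value would be an open redirect.
        var returnUrl = TempData["ReturnUrl"] as string;
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Auctions");
    }
    catch (Exception e)
    {
        // Log the whole exception (type, message and stack trace), not just e.Message.
        logger.Error("Exception occured, redirecting to login." + e);
        return View("Login");
    }
}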
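/// <summary>
/// Rebuilds the application principal from the forms-authentication cookie on each
/// request, so <c>HttpContext.Current.User</c> is a <c>UserPrincipal</c> rather than
/// the generic forms identity. Requests without a valid, unexpired ticket are left
/// untouched.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    var authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie is null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (ArgumentException)
    {
        // Decrypt is documented to throw on a malformed ticket; treat a garbled or
        // tampered cookie as an anonymous request instead of failing the request.
        return;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // Same handling when the failure surfaces from the machine-key layer.
        return;
    }

    if (authTicket is null || authTicket.Expired)
    {
        return;
    }

    // The ticket's UserData is not read here: the session model (and with it the
    // role) is rebuilt from the account store using only the ticket's name.
    // NOTE(review): presumably CreateSessionModel accepts an empty password on this
    // path — confirm it does not re-check credentials.
    var sessionModel = _accountBl.CreateSessionModel(new LoginUserModel
    {
        Username = authTicket.Name,
        Password = ""
    });
    HttpContext.Current.User = new UserPrincipal(sessionModel);
}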