/// <summary>
/// Applies a posted profile edit to the stored user, refreshes the session and
/// redirects to Home/Index. Re-renders the edit view when validation fails and
/// redirects to Home/AccessDenied when the caller may not edit the record or
/// the record does not exist.
/// </summary>
/// <param name="user">Model-bound form data; Account and Password are excluded from binding.</param>
/// <returns>The edit view, or a redirect to AccessDenied or Index.</returns>
/// <remarks>
/// NOTE(review): any attributes above the signature are not visible here; confirm the
/// action is restricted to POST and validates an anti-forgery token
/// ([HttpPost], [ValidateAntiForgeryToken]).
/// </remarks>
public ActionResult Edit([Bind(Exclude = "Account,Password")] User user)
{
    // NOTE(review): Bind(Exclude = ...) is a deny-list. Every other posted User
    // property is bound and later copied onto the stored entity by Mapper.Map.
    // If User carries a role or permission field (not visible here), a client
    // could over-post it; prefer an allow-list (Bind(Include = ...)) or a
    // dedicated edit view model that exposes only editable fields.

    // The excluded fields were never bound, so discard their validation entries
    // before checking the rest of the model.
    foreach (var excludedField in new[] { "Account", "Password" })
    {
        ModelState.Remove(excludedField);
    }

    if (!ModelState.IsValid)
    {
        return View(user);
    }

    // Authorization is decided on the UserID supplied in the request.
    if (!CanUseAction(user.UserID))
    {
        return RedirectToAction("AccessDenied", "Home");
    }

    ViewBag.permissions = AuthenticationManager.UserAccessLevel(Session);

    var storedUser = _db.Users.Find(user.UserID);
    if (storedUser == null)
    {
        // An unknown id is answered the same way as a denied one.
        return RedirectToAction("AccessDenied", "Home");
    }

    // Restore the unbound credentials on the posted model so that mapping it
    // onto the stored entity does not overwrite them.
    user.Account = storedUser.Account;
    user.Password = storedUser.Password;
    Mapper.Map(user, storedUser);

    // Update the session from the edited record.
    // NOTE(review): this runs before SaveChanges, so the session is updated even
    // if persisting fails. It is also passed the edited user; if CanUseAction
    // lets a caller edit someone else's record, confirm the session is not
    // switched to that user.
    AuthenticationManager.Reauthenticate(storedUser, Session);

    _db.Entry(storedUser).State = EntityState.Modified;
    _db.SaveChanges();

    return RedirectToAction("Index", "Home");
}
/// <summary>
/// Registers a new user from the posted form, persists it and signs the user in.
/// Redirects to Home/Index when sign-in succeeds; otherwise re-renders the create view.
/// </summary>
/// <param name="user">Model-bound form data; no property is excluded from binding.</param>
/// <returns>The create view, or a redirect to Home/Index.</returns>
/// <remarks>
/// NOTE(review): any attributes above the signature are not visible here; confirm the
/// action is restricted to POST and validates an anti-forgery token
/// ([HttpPost], [ValidateAntiForgeryToken]).
/// </remarks>
public ActionResult Create([Bind(Exclude = "")] User user)
{
    // NOTE(review): Bind(Exclude = "") excludes nothing, so every posted User
    // property is bound and handed to the mapper. Prefer an allow-list
    // (Bind(Include = ...)) or a registration view model limited to the fields
    // a new user may set.
    if (!ModelState.IsValid)
    {
        return View(user);
    }

    // always default to a simple user.
    // NOTE(review): nothing in this method enforces that default. Unless the
    // mapping configuration resets the access level (not visible here), a
    // posted value would be stored as sent. Set it explicitly after mapping.
    // Also confirm the password is hashed before it is persisted; this method
    // only shows it being mapped and saved.
    var createdUser = Mapper.Map<Models.User>(user);

    _db.Users.Add(createdUser);
    _db.SaveChanges();

    // The record is already saved at this point, so a failed sign-in returns
    // the form while the account exists.
    var signInResult = AuthenticationManager.Authenticate(createdUser, user.Password, Session);
    if (signInResult == SignInStatus.Success)
    {
        return RedirectToAction("Index", "Home");
    }

    return View(user);
}