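/// <summary>
/// Verifies the supplied credentials through the <c>dbo.LoginVerification</c> stored
/// procedure and, on success, stores the user in session and issues the forms
/// authentication cookie. On failure the procedure's <c>@Result</c> output is put in
/// <c>Session["Result"]</c> and the response is redirected to <c>/Login/Login</c>.
/// </summary>
/// <param name="Username">Value passed to the procedure as <c>@EmployeeNo</c>.</param>
/// <param name="password">Plaintext password as typed by the user; only its hash is sent to the database.</param>
/// <param name="isChecked">"Remember me" choice: controls the <c>UserName</c> cookie and whether the auth cookie is persistent.</param>
public void SignIn(string Username, string password, bool isChecked)
{
    // NOTE(review): judging by the helper's name this is an MD5 digest. MD5 is not a
    // password hash (fast and, unless the helper adds one, unsalted); moving to
    // PBKDF2/Argon2 needs a stored-hash migration and cannot be done in this method alone.
    string pass = EncodePasswordMd5(password);

    M_Users user = new M_Users();
    string Result;

    using (SqlCommand cmdSql = new SqlCommand())
    {
        cmdSql.Connection = conn;
        // NOTE(review): 0 disables the command timeout, so a stalled database holds the
        // login request open indefinitely. Kept as in the original; confirm it is intended.
        cmdSql.CommandTimeout = 0;
        cmdSql.CommandType = CommandType.StoredProcedure;
        cmdSql.CommandText = @"dbo.LoginVerification";

        // Credentials travel as typed parameters, never concatenated into SQL text.
        cmdSql.Parameters.Add("@EmployeeNo", SqlDbType.NVarChar).Value = Username;
        cmdSql.Parameters.Add("@Password", SqlDbType.NVarChar).Value = pass;
        SqlParameter resultParam = cmdSql.Parameters.Add("@Result", SqlDbType.NVarChar, -1);
        resultParam.Value = 0;
        resultParam.Direction = ParameterDirection.Output;

        try
        {
            conn.Open();

            // Run the procedure exactly once. The previous ExecuteNonQuery + ExecuteReader
            // pair executed the login check twice per request.
            using (SqlDataReader rdr = cmdSql.ExecuteReader())
            {
                while (rdr.Read())
                {
                    user.ID = Convert.ToInt64(rdr["ID"]);
                    user.EmployeeNo = rdr["EmployeeNo"].ToString();
                    user.FirstName = rdr["FirstName"].ToString();
                    user.LastName = rdr["LastName"].ToString();
                    user.Email = rdr["Email"].ToString();
                    // NOTE(review): this copies the stored password hash into the object
                    // that is later placed in session; drop it if nothing reads it back.
                    user.Password = rdr["Password"].ToString();
                    user.UserPhoto = rdr["UserPhoto"].ToString();
                    user.DivisionID = Convert.ToInt64(rdr["DivisionID"]);
                    user.DepartmentID = Convert.ToInt64(rdr["DepartmentID"]);
                    user.SectionID = Convert.ToInt64(rdr["SectionID"]);
                }
            }

            // Output parameters are only populated once the reader has been closed.
            Result = Convert.ToString(resultParam.Value);
        }
        finally
        {
            // Release the shared connection even when the query or a conversion throws.
            conn.Close();
        }
    }

    if (user.EmployeeNo != null)
    {
        if (isChecked)
        {
            Response.Cookies["UserName"].Value = Username;
            Response.Cookies["UserName"].Expires = DateTime.Now.AddDays(30);
        }
        else
        {
            Response.Cookies["UserName"].Expires = DateTime.Now.AddDays(-1);
        }

        // The plaintext password is no longer written to a cookie: a 30-day cookie holding
        // the password exposes it to anyone who can read the browser profile or the request.
        // Any "Password" cookie left by earlier versions is expired here; "remember me" is
        // carried by the persistent forms-authentication cookie below instead.
        Response.Cookies["Password"].Expires = DateTime.Now.AddDays(-1);

        // NOTE(review): the session identifier is not renewed at login in this method;
        // check that session fixation is handled elsewhere.
        System.Web.HttpContext.Current.Session["user"] = user;

        // Persist the auth cookie only when the user asked to be remembered. It was
        // previously always persistent, which keeps shared machines signed in.
        FormsAuthentication.SetAuthCookie(user.EmployeeNo, isChecked);

        // The FormsAuthenticationTicket that used to be built here was never encrypted or
        // attached to the response, so it has been removed as dead code.
        RefreshPageAccess(user.EmployeeNo);
    }
    else
    {
        System.Web.HttpContext.Current.Session["Result"] = Result;
        Response.Redirect("/Login/Login");
    }
}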