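/// <summary>
/// Handles the login form post: validates the posted credentials against
/// <c>Context.Users</c>, issues a forms-authentication cookie whose user data
/// carries the user's id, name and roles, and redirects the caller.
/// </summary>
/// <param name="model">Posted username and password.</param>
/// <param name="returnUrl">
/// Optional URL to return to after login; it is followed only when it is local
/// to this site, otherwise the Books index is used.
/// </param>
/// <returns>
/// A redirect on success (Admin index for users in the "Admin" role, else
/// <paramref name="returnUrl"/> or the Books index); the login view with a
/// model error when the credentials are rejected or the model is invalid.
/// </returns>
public ActionResult Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // NOTE(review): the lookup compares the posted password with a stored
    // plaintext password (u.Password == model.Password). Passwords should be
    // stored as a salted hash (e.g. PBKDF2) and verified with a constant-time
    // comparison; that change lives in the data model, outside this method.
    // The ToUpper() on both sides is kept so the query still translates to SQL.
    var user = Context.Users
        .Where(u => u.Username.ToUpper() == model.Username.ToUpper()
                 && u.Password == model.Password)
        .FirstOrDefault();

    if (user == null)
    {
        // One message for both "unknown user" and "wrong password" so the
        // response does not reveal which usernames exist.
        ModelState.AddModelError("", "Incorrect username and/or password");
        return View(model);
    }

    var roles = user.Roles.Select(m => m.RoleName).ToArray();

    var serializeModel = new CustomPrincipalSerializeModel
    {
        UserId = user.UserId,
        UserName = user.Username,
        roles = roles
    };
    string userData = JsonConvert.SerializeObject(serializeModel);

    // Ticket version 1, 15-minute lifetime, non-persistent (session cookie).
    var authTicket = new FormsAuthenticationTicket(
        1,
        user.Username,
        DateTime.Now,
        DateTime.Now.AddMinutes(15),
        false,
        userData);
    string encTicket = FormsAuthentication.Encrypt(authTicket);

    var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
    {
        // Keep the ticket out of reach of client-side script and, when the
        // application requires SSL, off plain-HTTP connections. This mirrors
        // what FormsAuthentication.SetAuthCookie sets on the cookie it creates.
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL
    };
    Response.Cookies.Add(faCookie);

    if (roles.Contains("Admin"))
    {
        return RedirectToAction("Index", "Admin");
    }

    // Only follow returnUrl when it points back into this site; redirecting to
    // an arbitrary caller-supplied URL would be an open redirect. IsLocalUrl is
    // false for null/empty, so Redirect can no longer throw on a bad value and
    // the previous try/catch around it is not needed.
    if (Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }

    return RedirectToAction("Index", "Books");
}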