/// <summary>
/// Checks the submitted credentials and redirects according to the outcome.
/// </summary>
/// <param name="accountModel">
/// Submitted logon data. <c>Username</c> is compared against the stored
/// <c>Email</c> to find the account.
/// </param>
/// <returns>
/// A redirect to "Index" on "Home" when <c>AuthorizeUser</c> succeeds, otherwise
/// a redirect back to "Logon" after an error message has been registered.
/// </returns>
/// <remarks>
/// NOTE(review): no attempt throttling or account lockout is visible in this
/// method; confirm that repeated failures are limited elsewhere.
/// NOTE(review): any action attributes (for example [HttpPost] or
/// [ValidateAntiForgeryToken]) would sit above this signature and are not
/// visible here; confirm they are present.
/// </remarks>
public ActionResult Logon(AccountViewModel accountModel)
{
    string failureMessage = null;

    if (!ModelState.IsValid)
    {
        failureMessage = "Please provide your username and password!";
    }
    else
    {
        // The account is looked up only after the model has validated.
        var matchedUser = _userRepository.GetOne(u => u.Email == accountModel.Username);

        if (!AuthorizeUser(accountModel, matchedUser))
        {
            // One message covers both "no such account" and "wrong password",
            // so the response text does not reveal which of the two occurred.
            failureMessage = "Invalid username or password";
        }
    }

    if (failureMessage != null)
    {
        ShowError(failureMessage);
        // Presumably carries the model state across the redirect; confirm
        // against MergeModelState's definition.
        MergeModelState();
        return RedirectToAction("Logon");
    }

    // The success destination is fixed; no caller-supplied return URL is used.
    return RedirectToAction("Index", "Home");
}
/// <summary>
/// Verifies the submitted password against the stored credentials and, when
/// it matches, issues the forms-authentication cookie.
/// </summary>
/// <param name="accountModel">Submitted logon data (Username, Password, Remember).</param>
/// <param name="user">The account found for the submitted username, or null when none was found.</param>
/// <returns>
/// <c>true</c> when <paramref name="user"/> is not null and
/// <c>PasswordHash.ValidatePassword</c> accepts the password; otherwise <c>false</c>.
/// </returns>
private static bool AuthorizeUser(AccountViewModel accountModel, User user)
{
    // No account: the password verifier is never invoked on this path.
    // NOTE(review): the unknown-account path therefore does less work than the
    // wrong-password path, which may show up as a response-time difference
    // that distinguishes existing accounts. Consider running the verifier
    // against a fixed dummy record here so both paths cost the same.
    if (user == null)
    {
        return false;
    }

    // user.Password and user.Salt are presumably the stored hash and its
    // salt; confirm against PasswordHash.ValidatePassword.
    bool passwordAccepted = PasswordHash.ValidatePassword(accountModel.Password, user.Password, user.Salt);
    if (!passwordAccepted)
    {
        return false;
    }

    // The ticket is issued under the submitted Username, not a value read from
    // the stored record. Remember selects a persistent cookie.
    // NOTE(review): if the repository lookup is case-insensitive, the identity
    // in the ticket can differ from the stored email; confirm that downstream
    // lookups by identity name tolerate that.
    FormsAuthentication.SetAuthCookie(accountModel.Username, accountModel.Remember);
    return true;
}