public ActionResult Login(LoginModel model, string returnUrl) { if (ModelState.IsValid) { if (!Url.IsLocalUrl(returnUrl)) { returnUrl = null; } if (!Authentication.AuthenticateOrRedirectStockwinnersMember(model.Email, model.Password, returnUrl, model.RememberMe)) { ModelState.AddModelError("", "The user name or password provided is incorrect."); } } // If we got this far, something failed, redisplay form ViewBag.ReturnUrl = returnUrl; return(View(model)); }