protected void btnLogin_Click(object sender, EventArgs e) { var returnUrl = Request.QueryString["returnUrl"]; bool loginValid = false; var userName = tbUsername.Text; var pw = tbPassword.Text; var ctx = new RedditRSSEntities(); var appUser = ctx.AppUsers.Where(x => x.Username == userName).FirstOrDefault(); if (appUser != null) { var validPW = CryptUtil.ValidatePassword(pw, appUser.HashedPassword); if (validPW) { loginValid = true; Session[AppConstants.SessionKeys.LOGGED_IN_USER_ID] = appUser.ID; Session[AppConstants.SessionKeys.LOGGED_IN_USER_NAME] = appUser.Username; } } if (!loginValid) { lblMessage.Text = "Login invalid. Please check the username and password"; } else { Response.Redirect("~/" + (returnUrl == null ? "": returnUrl)); } }