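/// <summary>
/// Handles the posted sign-in form. Looks up the customer chosen in the
/// company drop-down, checks the posted password against the stored
/// salted SHA-1 hash and, on a match, issues the forms-authentication
/// ticket plus a "role" cookie before redirecting.
/// </summary>
/// <param name="customerSignIn">Posted form; only CustomerId and Password are bound.</param>
/// <param name="ReturnUrl">Optional post-login destination. Only local URLs are followed.</param>
/// <returns>A redirect on success; otherwise the sign-in view with model errors and the drop-down re-populated.</returns>
public ActionResult SignIn([Bind(Include = "CustomerId,Password")] CustomerSignIn customerSignIn, string ReturnUrl)
{
    using (NorthwindEntities db = new NorthwindEntities())
    {
        if (ModelState.IsValid)
        {
            // find customer by CustomerId
            Customer customer = db.Customers.Find(customerSignIn.CustomerId);

            // Find returns null for an unknown id; the previous code dereferenced it
            // and turned a bad CustomerId into a NullReferenceException (HTTP 500).
            // Treat it as an ordinary failed login instead.
            if (customer == null)
            {
                ModelState.AddModelError("Password", "Incorrect password");
            }
            else
            {
                // Stored format is SHA1(password + UserGuid). SHA-1 with a per-user
                // salt is not a password hash (no work factor); moving existing rows
                // to PBKDF2/Argon2 needs a migration and is out of scope here.
                string str = UserAccount.HashSHA1(customerSignIn.Password + customer.UserGuid);

                // Compared posted Password to customer password
                if (str == customer.Password)
                {
                    // authenticate user (this stores the CustomerID in an encrypted cookie)
                    // normally, you would require HTTPS (forms/@requireSSL in web.config)
                    FormsAuthentication.SetAuthCookie(customer.CustomerID.ToString(), false);

                    // send a cookie to client to indicate that this is a customer.
                    // NOTE(review): this cookie is neither signed nor encrypted, so the
                    // client can rewrite it; anything that authorizes on it must re-check
                    // the role server side rather than trust the cookie value.
                    HttpCookie myCookie = new HttpCookie("role");
                    myCookie.Value = "customer";
                    Response.Cookies.Add(myCookie);

                    // Only follow a local return url. Redirecting to an arbitrary
                    // ReturnUrl is an open redirect (attacker-chosen site after a
                    // successful login); an empty string also made Redirect() throw.
                    if (!string.IsNullOrEmpty(ReturnUrl) && Url.IsLocalUrl(ReturnUrl))
                    {
                        return Redirect(ReturnUrl);
                    }

                    // Redirect to Home page
                    return RedirectToAction(actionName: "Index", controllerName: "Home");
                }

                // Passwords do not match
                ModelState.AddModelError("Password", "Incorrect password");
            }
        }

        // create drop-down list box for company name (every non-redirect path)
        ViewBag.CustomerID = new SelectList(db.Customers.OrderBy(c => c.CompanyName), "CustomerID", "CompanyName").ToList();
        return View();
    }
}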
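/// <summary>
/// Handles the posted sign-in form. Looks up the customer chosen in the
/// company drop-down, checks the posted password against the stored
/// salted SHA-1 hash and, on a match, issues the forms-authentication
/// ticket plus a "role" cookie (customer/vendor) before redirecting.
/// </summary>
/// <param name="customerSignIn">Posted form; only CustomerId and Password are bound.</param>
/// <param name="ReturnUrl">Optional post-login destination. Only local URLs are followed.</param>
/// <returns>A redirect on success; otherwise the sign-in view with model errors and the drop-down re-populated.</returns>
public ActionResult SignIn([Bind(Include = "CustomerId,Password")] CustomerSignIn customerSignIn, string ReturnUrl)
{
    using (var db = new NorthwindEntities())
    {
        if (ModelState.IsValid)
        {
            Customer customer = db.Customers.Find(customerSignIn.CustomerId);

            // Find returns null for an unknown id; the previous code dereferenced it
            // and turned a bad CustomerId into a NullReferenceException (HTTP 500).
            // Treat it as an ordinary failed login instead.
            if (customer == null)
            {
                ModelState.AddModelError("Password", "Incorrect password");
            }
            else
            {
                // Stored format is SHA1(password + UserGuid). SHA-1 with a per-user
                // salt is not a password hash (no work factor); moving existing rows
                // to PBKDF2/Argon2 needs a migration and is out of scope here.
                var pass = UserAccount.HashSHA1(customerSignIn.Password + customer.UserGuid);

                if (pass == customer.Password)
                {
                    // Framework-encrypted forms ticket, non-persistent. Enable
                    // forms/@requireSSL in web.config so it is never sent in clear.
                    FormsAuthentication.SetAuthCookie(customer.CustomerID.ToString(), false);

                    // NOTE(review): this cookie is neither signed nor encrypted, so the
                    // client can rewrite "customer" to "vendor"; anything that authorizes
                    // on it must re-check customer.Role server side. Roles other than
                    // 0/1 send the cookie with an empty value, as before.
                    HttpCookie cookie = new HttpCookie("role");
                    if (customer.Role == 0)
                    {
                        cookie.Value = "customer";
                    }
                    else if (customer.Role == 1)
                    {
                        cookie.Value = "vendor";
                    }
                    Response.Cookies.Add(cookie);

                    // Only follow a local return url. Redirecting to an arbitrary
                    // ReturnUrl is an open redirect (attacker-chosen site after a
                    // successful login); an empty string also made Redirect() throw.
                    if (!string.IsNullOrEmpty(ReturnUrl) && Url.IsLocalUrl(ReturnUrl))
                    {
                        return Redirect(ReturnUrl);
                    }

                    return RedirectToAction("Index", "Home");
                }

                ModelState.AddModelError("Password", "Incorrect password");
            }
        }

        // Re-populate the company drop-down for every non-redirect path. The
        // previous code skipped this when ModelState was invalid, so the view
        // came back with an empty list.
        ViewBag.CustomerId = new SelectList(db.Customers.OrderBy(c => c.CompanyName), "CustomerID", "CompanyName").ToList();
        return View();
    }
}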