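/// <summary>
/// Authenticates a customer and, on success, issues the forms-authentication
/// cookie, fills the session with the account details and redirects.
/// </summary>
/// <param name="customerToLogin">Model-bound credentials submitted by the login form.</param>
/// <param name="returnUrl">
/// Optional post-login destination. It is request-supplied and therefore untrusted:
/// it is followed only when it is a local URL; otherwise the store index is used.
/// </param>
/// <returns>
/// A redirect on successful login; the login view with a model error when
/// <c>LoginCustomer</c> returns <c>null</c>.
/// </returns>
public ActionResult Login(Customer customerToLogin, string returnUrl)
{
    // NOTE(review): the email is attacker-controlled and written to the log verbatim;
    // confirm the configured appender/layout neutralises CR/LF so entries cannot be forged.
    _logger.InfoFormat("Login : email [{0}].", customerToLogin.Email);

    //TODO also check if admin email isn't reserved
    var foundCustomer = _customerAccountService.LoginCustomer(customerToLogin);

    if (foundCustomer == null)
    {
        _logger.InfoFormat("Login : email [{0}] was unsuccessful.", customerToLogin.Email);

        // One generic message for both failure causes, so the response does not
        // reveal whether the email exists.
        ModelState.AddModelError("", "Wrong email or password");

        // foundCustomer is null on this path, so the view is rendered without a model.
        return View(foundCustomer);
    }

    // NOTE(review): GlobalContext is shared by every thread in the process, so with
    // concurrent logins these values are overwritten and log lines can be attributed
    // to the wrong user. A per-request context (log4net.ThreadContext /
    // LogicalThreadContext) looks like the intended scope — confirm against the layout config.
    log4net.GlobalContext.Properties["user"] = foundCustomer.Email;
    log4net.GlobalContext.Properties["role"] = "User";
    _logger.InfoFormat("Login : email [{0}] was successful.", foundCustomer.Email);

    // Second argument false: session (non-persistent) authentication cookie.
    // The "c" prefix presumably distinguishes customer from admin identities — verify.
    FormsAuthentication.SetAuthCookie("c" + foundCustomer.Email, false);

    // NOTE(review): the pre-login session is reused here; if the session id is not
    // rotated elsewhere on authentication, this is exposed to session fixation.
    Session["AccountId"] = foundCustomer.Id;
    Session["AccountEmail"] = foundCustomer.Email;
    Session["IsAdminAccount"] = false;

    // Open-redirect guard: returnUrl comes from the request, so only follow it when it
    // points back into this application. IsLocalUrl rejects null/empty, absolute and
    // protocol-relative ("//host") URLs.
    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }

    return RedirectToAction("Index", "Store");
}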