예제 #1
        /// <summary>
        /// Handles a login attempt and reports the outcome as a JSON payload.
        /// </summary>
        /// <param name="name">Login name supplied by the client (untrusted input).</param>
        /// <param name="password">Password supplied by the client (untrusted input).</param>
        /// <returns>
        /// A JSON result whose <c>result</c> field is <c>"success"</c> once a session has been
        /// added for the user, or <c>"error"</c> with a <c>message</c> when either credential is
        /// blank, the repository returns no user, or the user is not activated.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no HTTP verb restriction or anti-forgery attribute is visible on this
        /// action in this excerpt. Confirm it is reachable only via POST, so the password never
        /// lands in URLs or access logs, and that login CSRF is handled elsewhere.
        /// </remarks>
        public ActionResult LoginUser(string name, string password)
        {
            // TODO: No throttling. Nothing here limits repeated attempts, so the endpoint is open
            // to password guessing and request flooding. Add per-account and per-client rate
            // limiting (or lockout/back-off), and record failed attempts for detection.

            bool credentialsMissing = string.IsNullOrWhiteSpace(name) || string.IsNullOrWhiteSpace(password);
            if (credentialsMissing)
            {
                // Blank input gets the same message as a failed lookup below.
                return this.Json(new { result = "error", message = StringResource.login_ErrorUserCredentials });
            }

            // Runs before the credentials are checked, so it happens on every non-blank attempt.
            // Presumably this drops any identity already bound to the request, so a stale or
            // pre-set session cannot survive the login. Confirm against UserIdentityManager.
            UserIdentityManager.ResetUser(this.Request, this.Response);

            var account = this.repository.Login(name, password);

            if (account != null)
            {
                if (account.IsActivated)
                {
                    UserIdentityManager.AddUserSession(this.Response, account);

                    return this.Json(new { result = "success" });
                }

                // Reached only when the repository returned a user, so the "not activated" message
                // should not reveal account state to callers without valid credentials. This
                // assumes Login returns null on a wrong password; verify in the repository.
                return this.Json(new { result = "error", message = StringResource.login_ErrorUserNotActivated });
            }

            // One generic message for unknown user and wrong password avoids username enumeration.
            return this.Json(new { result = "error", message = StringResource.login_ErrorUserCredentials });
        }