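/// <summary>
/// Checks the submitted credentials against the stored login record. On success it issues
/// the forms-authentication cookie, caches the employee in session and redirects to Home/Index.
/// </summary>
/// <param name="model">Credentials posted from the login form.</param>
/// <param name="returnUrl">Not used by this action.</param>
/// <returns>A redirect to Home/Index on success; otherwise the login view with a model error.</returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this
// snippet; confirm they are applied where the action is declared.
public ActionResult Login(EmployeeLogin model, string returnUrl)
{
    // One message for every failure, so the response does not reveal whether the account exists.
    const string LoginFailedMessage = "The user login or password provided is incorrect.";

    if (ModelState.IsValid)
    {
        UserManagerModel userManager = new UserManagerModel(
            _employeeLoginService,
            _employeeService,
            _unitOfWorkAsync,
            _departmentRoleService,
            _departmentService);

        // Keep the stored record in its own variable. The original assigned it back to `model`
        // and then compared model.Password with employee.EmployeeLogin.Password, which is the
        // same object, so any submitted password was accepted for an existing account.
        EmployeeLogin storedLogin = userManager.GetEmployeeLoginDetails(model.UserName);

        var employee = storedLogin == null
            ? null
            : _employeeService.Queryable().Where(f => f.EmployeeId == storedLogin.EmployeeId).FirstOrDefault();

        // Unknown user, orphaned login record or empty stored password: fail closed rather
        // than dereferencing null.
        if (storedLogin == null || employee == null || string.IsNullOrEmpty(storedLogin.Password))
        {
            ModelState.AddModelError("", LoginFailedMessage);
        }
        // NOTE(review): the stored value is compared directly with the submitted text, which
        // only works if passwords are stored unhashed. Confirm, and move to a salted password
        // hash (for example PBKDF2) verified with a constant-time comparison.
        else if (string.Equals(model.Password, storedLogin.Password, System.StringComparison.Ordinal))
        {
            // Load the related records only after the credentials have been verified.
            employee.EmployeeLogin = storedLogin;
            employee.DepartmentRole = _departmentRoleService.Queryable().Where(f => f.DepartmentRoleId == employee.DepartmentRoleId).FirstOrDefault();
            employee.Department = _departmentService.Queryable().Where(f => f.DepartmentId == employee.DepartmentId).FirstOrDefault();

            // NOTE(review): `true` creates a persistent cookie for every login; confirm this is
            // intended rather than an opt-in "remember me".
            FormsAuthentication.SetAuthCookie(storedLogin.UserName, true);
            Session["Employee"] = employee;
            return RedirectToAction("Index", "Home");
        }
        else
        {
            ModelState.AddModelError("", LoginFailedMessage);
        }
    }

    // If we got this far, something failed, redisplay form.
    // `model` is still the submitted form data here. The original passed the stored login
    // record (including its Password field) to the view instead.
    return View(model);
}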
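/// <summary>
/// Grants access when the current user is authenticated and is in at least one of the
/// roles listed in <c>userAssignedRoles</c>; denies access otherwise.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns><c>true</c> if a role matches; <c>false</c> if none match or the user is anonymous.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new System.ArgumentNullException("httpContext");
    }

    // Fail closed for anonymous requests before consulting the role store. The original
    // passed Identity.Name to IsUserInRole without checking IsAuthenticated.
    var user = httpContext.User;
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
        return false;
    }

    // Dependencies are resolved through the MVC service locator on each call.
    IEmployeeBLL employeeService = DependencyResolver.Current.GetService<IEmployeeBLL>();
    IEmployeeLoginBLL employeeLoginService = DependencyResolver.Current.GetService<IEmployeeLoginBLL>();
    IUnitOfWorkAsync unitOfWorkAsync = DependencyResolver.Current.GetService<IUnitOfWorkAsync>();
    IDepartmentRoleBLL departmentRoleService = DependencyResolver.Current.GetService<IDepartmentRoleBLL>();
    IDepartmentBLL departmentService = DependencyResolver.Current.GetService<IDepartmentBLL>();

    // One manager is enough for every role check; the original rebuilt it on each iteration
    // from the same dependencies.
    UserManagerModel userManager = new UserManagerModel(
        employeeLoginService,
        employeeService,
        unitOfWorkAsync,
        departmentRoleService,
        departmentService);

    string userName = user.Identity.Name;
    foreach (var role in userAssignedRoles)
    {
        if (userManager.IsUserInRole(userName, role))
        {
            return true;
        }
    }

    // No role matched (or no roles were configured): deny by default.
    return false;
}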