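/// <summary>
/// Handles the sign-in form post: validates the model, looks up the member by
/// e-mail/password, issues the authentication cookie and redirects.
/// </summary>
/// <param name="model">Posted credentials, the "remember me" flag and an optional return URL.</param>
/// <returns>
/// A redirect to the posted ReturnURL when it is a local path, otherwise to Home/Index;
/// when validation or the lookup fails, the log-on view is rendered again.
/// </returns>
public ActionResult LogOn(AccountLogOnViewModel model)
{
    Member member = null;

    // server side validation
    if (ModelState.IsValid)
    {
        using (var poda = Poda.Factory.Create())
        {
            // NOTE(review): the query compares the posted password verbatim against the
            // Password column; confirm that column holds a salted hash and that the value
            // reaching here is the matching hash rather than the plaintext secret.
            // The result is materialized once: Count()/First() on a deferred sequence
            // could otherwise execute the query several times.
            List<Member> matches = poda.Execute()
                .ForPlainSQL("SELECT * FROM Members WHERE Email = @Email AND Password = @Password")
                .With("Email", model.Email)
                .With("Password", model.Password)
                .FederationOnAll()
                .AsEntities<Member>(new MemberEntityConverter())
                .ToList();

            if (matches.Count == 0)
            {
                ModelState.AddModelError("Email", "Invalid email or password.");
            }
            else if (matches.Count > 1)
            {
                ModelState.AddModelError("Email", "There are more than one member with your email and password please contact the administrator.");
            }
            else
            {
                member = matches[0];
            }
        }
    }

    // login
    if (ModelState.IsValid && member != null)
    {
        var auth = new SimplePrincipalAuthenticationHelper();
        // NOTE(review): the helper is handed local time; verify it does not expect UTC.
        var cookie = auth.CreateAuthenticationCookie(model.RememberMe, member, m => m.Email, DateTime.Now);
        Response.Cookies.Add(cookie);

        // Only follow a return URL that stays on this site; an absolute or
        // protocol-relative value would turn this action into an open redirector.
        if (IsLocalUrl(model.ReturnURL))
        {
            return Redirect(model.ReturnURL);
        }

        return RedirectToAction("Index", "Home", null);
    }

    return LogOn(model.ReturnURL);
}

/// <summary>
/// Returns true when <paramref name="url"/> is a non-empty path on this application
/// ("/path" or "~/path", but not "//host" or "/\host"), i.e. safe as a redirect target.
/// Equivalent to the check MVC's Url.IsLocalUrl performs, kept local so the rule is visible.
/// </summary>
/// <param name="url">The candidate return URL; null or whitespace is rejected.</param>
/// <returns>True for an application-local path, false otherwise.</returns>
private static bool IsLocalUrl(string url)
{
    if (string.IsNullOrWhiteSpace(url))
    {
        return false;
    }

    // "/..." with no second slash or backslash (those would be host-relative).
    if (url[0] == '/')
    {
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    // "~/..." application-relative form.
    return url.Length > 1 && url[0] == '~' && url[1] == '/';
}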
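/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie on each
/// authenticated request so that Context.User carries the application's Member.
/// </summary>
/// <param name="sender">The HttpApplication raising the event.</param>
/// <param name="e">Unused event data.</param>
/// <exception cref="HttpException">Thrown when forms-authentication cookies are not supported.</exception>
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        throw new HttpException("Cookies is not supported for this application.");
    }

    HttpApplication app = (HttpApplication)sender;
    if (!app.Request.IsAuthenticated || !(app.User.Identity is FormsIdentity))
    {
        return;
    }

    HttpCookie cookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (cookie == null)
    {
        return;
    }

    // The ticket is decrypted only to confirm the cookie is a genuine, untampered
    // ticket; nothing below uses it. A cookie that fails to decrypt leaves the
    // request with whatever identity the forms module already assigned.
    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(cookie.Value);
    }
    catch (Exception)
    {
        return;
    }

    if (ticket == null)
    {
        return;
    }

    ISimplePrincipalAuthenticationHelper helper = new SimplePrincipalAuthenticationHelper();
    // for now there's no role in the system so the IsInRole we just return TRUE for all users
    // NOTE(review): while this callback stays, every role check succeeds for any
    // signed-in member; replace it before role-based authorization is introduced.
    SimplePrincipal<Member> principal = helper.RetrievePrincipalFromCookie<Member>(cookie, (m, role) => true);
    Context.User = principal;
}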