Exemplo n.º 1
        /// <summary>
        /// Handles a sign-in attempt: checks the submitted credentials, gathers the
        /// permission strings of the user's roles, issues the authentication cookie
        /// and redirects the caller.
        /// </summary>
        /// <param name="model">Submitted login data; UserName and Password are read from it.</param>
        /// <param name="returnUrl">Caller-supplied redirect target; followed only when it passes the local-URL checks.</param>
        /// <returns>A redirect on success; otherwise the view for <paramref name="model"/> with model errors.</returns>
        public ActionResult SignIn(LoginModel model, string returnUrl)
        {
            // Invalid model state: redisplay the form without touching the user store.
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // NOTE(review): the password is passed through StringEncryptor.EncryptPassword before the
            // lookup. Whether that is a salted, slow password hash or a reversible/unsalted transform
            // is not visible here - confirm. No lockout or attempt throttling is visible in this
            // method either; verify it is enforced elsewhere.
            var account = _userService.ValidateUser(model.UserName, StringEncryptor.EncryptPassword(model.Password));

            if (account == null)
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
                return View(model);
            }

            // This message is only reachable after ValidateUser returned a record, so it tells the
            // caller something different from the generic failure above.
            // NOTE(review): presumably that means the credentials were correct - confirm this disclosure is intended.
            if (!account.IsActive)
            {
                ModelState.AddModelError("", "The account is not allowed to access. Please contact Administrator.");
                return View(model);
            }

            string permissions = "";

            var activeUserRoles = _userRoleService.GetMany(x => x.UserId == account.Id && !x.Role.Deleted);

            foreach (var userRole in activeUserRoles)
            {
                // The role is fetched again with its own Deleted filter; a missing role contributes nothing.
                userRole.Role = _roleService.Get(x => x.Id == userRole.RoleId && !x.Deleted);

                if (userRole.Role == null)
                {
                    continue;
                }

                userRole.Role.RolePermissions =
                    _rolePermissionService.GetMany(x => x.RoleId == userRole.RoleId);

                var distinctPermissions = userRole.Role.RolePermissions.Distinct().ToList();

                // One comma-terminated entry per role; trailing commas are trimmed when the cookie is built.
                permissions += GetRoleString(distinctPermissions) + ",";
            }

            // The permission string is computed once, here, and handed to the cookie builder.
            // NOTE(review): if authorization later reads permissions from the cookie, role changes would
            // not apply until the next sign-in - confirm. The literal 'true' presumably requests a
            // persistent cookie - confirm. ToUpper() is culture-sensitive, so the identity written to
            // the cookie can depend on the thread culture; ToUpperInvariant() is the usual choice for
            // identifiers - check how consumers compare it before changing.
            SecurityContext.CreateAuthenticationCookie(account.Username.ToUpper(), true, account.Id, permissions.TrimEnd(','), account.FirstName, account.LastName, account.IsSLS);

            // Open-redirect guard: returnUrl is caller-controlled, so it is followed only when
            // Url.IsLocalUrl accepts it and it is a rooted path that does not begin with "//" or "/\".
            // Null is safe here because IsLocalUrl is evaluated first and short-circuits the rest.
            // NOTE(review): StartsWith(string) compares culture-sensitively; StringComparison.Ordinal is
            // the conventional form for checks like these.
            bool followReturnUrl = Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") &&
                                   !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\");

            if (followReturnUrl)
            {
                return Redirect(returnUrl);
            }

            return RedirectToAction("Index", "Home");
        }