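/// <summary>
        /// Handles a login form post: looks up the account by e-mail address, checks the supplied
        /// password against the stored hash and salt, signs the user in and redirects.
        /// </summary>
        /// <param name="credentials">E-mail address and password submitted by the visitor.</param>
        /// <param name="returnUrl">URL to return to after a successful login; passed to RedirectToReturnUrl.</param>
        /// <returns>
        /// The "Index" view with an error message when the model is invalid or the credentials do
        /// not match; otherwise the return-URL redirect, or a redirect to the Home controller on
        /// the "secure" route.
        /// </returns>
        public ActionResult Login(LoginCredentials credentials, string returnUrl)
        {
            var account = Account;
            if (!ModelState.IsValid)
            {
                ErrorMessage = "Email address is not valid.";

                return View("Index", new MainViewModel(account).WithAccountAccessBase(credentials));
            }

            // Only the hash, the salt and the account id are carried past the query.
            ValidateLoginCredentials storedCredentials;
            using (Session)
            {
                storedCredentials = Session.Query<Account, IndexEmail>()
                                           .Where(x => x.Email == credentials.Email)
                                           .AsEnumerable()
                                           .Select(x => new
                                               ValidateLoginCredentials(x.Password.HashedPassword, x.Password.Salt,
                                                                            x.Id))
                                           .SingleOrDefault();
            }

            // An unknown e-mail address and a wrong password produce the same message, so the
            // response text does not say which of the two was wrong. The password command is only
            // run when an account was found.
            // NOTE(review): the unknown-address path therefore skips the hash verification, which
            // may be observable as a response-time difference; confirm whether that matters here.
            // NOTE(review): .Result blocks the request thread until the command completes; the
            // synchronous signature is kept so existing routes and callers are unaffected.
            bool passwordMatches =
                storedCredentials != null &&
                CommandExecutor.ExecuteCommand(new ValidateUserPasswordCommand(credentials.Password, storedCredentials))
                               .Result;

            if (!passwordMatches)
            {
                // NOTE(review): the scheme is fixed to "http", so the reset link (which carries the
                // e-mail address) points at a cleartext URL; confirm whether "https" is intended.
                var resetUrl = Url.Action("PasswordReset", "AccountAccess", new
                {
                    email = credentials.Email
                }, "http");

                // The URL embeds the submitted e-mail address and is written into a single-quoted
                // href, so it is HTML-encoded before being placed in the markup. ErrorMessage
                // contains an anchor tag, so presumably the view renders it unencoded (confirm).
                ErrorMessage = string.Format("Your password does not match. <a href='{0}'>{1}</a> your password.",
                                             System.Net.WebUtility.HtmlEncode(resetUrl),
                                             "Reset");

                return View("Index", new MainViewModel(account)
                    .WithAccountAccessBase(credentials));
            }

            FormsAuthentication.SignIn(storedCredentials.Id);
            App.ResetOutputCache();

            // NOTE(review): returnUrl comes from the request and RedirectToReturnUrl is defined
            // outside this block; confirm it only accepts local URLs.
            ActionResult redirect;
            if (RedirectToReturnUrl(returnUrl, out redirect))
            {
                return redirect;
            }

            return RedirectToRoute("secure", new
            {
                Controller = "Home"
            });
        }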
        /// <summary>
        /// Handles a registration form post: rejects invalid input and e-mail addresses that
        /// already have an account, then stores a new account with a hashed password, signs the
        /// new user in and sends a confirmation e-mail.
        /// </summary>
        /// <param name="registrationData">E-mail address and password submitted by the visitor.</param>
        /// <returns>
        /// The "Index" view with an error message when the request is rejected; otherwise a
        /// redirect to the Profile controller on the "secure" route.
        /// </returns>
        public ActionResult Register(LoginCredentials registrationData)
        {
            var account = Account;

            // Decide whether the request must be rejected. The e-mail lookup only runs when the
            // model is valid.
            string rejection = null;
            if (!ModelState.IsValid)
            {
                rejection = "Email address is not valid.";
            }
            else if (Session.Query<Account, IndexEmail>().Any(existing => existing.Email == registrationData.Email))
            {
                // NOTE(review): this is a check followed later by a store; nothing visible in this
                // method stops two concurrent requests from both passing the check. Confirm that
                // e-mail uniqueness is also enforced by the data store.
                rejection = "Email address is already in use.";
            }

            if (rejection != null)
            {
                ErrorMessage = rejection;

                return View("Index", new MainViewModel(account).WithAccountAccessBase(registrationData));
            }

            // The hash command is issued before the confirmation key is generated; its result is
            // read (blocking on .Result) when the account object is built.
            var hashing = CommandExecutor.ExecuteCommand(new HashPasswordCommand(registrationData.Password));
            var key = CommandExecutor.ExecuteCommand(new GenerateUniqueConfirmationKeyCommand(Session));

            var created = new Account
            {
                Email = registrationData.Email,
                Password = hashing.Result,
                Confirmation = new EmailConfirmation(key),
                KeyQuota = new KeyQuota(App.KeySoftLimit)
            };

            Session.Store(created);

            // The user is signed in straight away, before the address has been confirmed.
            FormsAuthentication.SignIn(created.Id);

            // NOTE(review): the scheme is fixed to "http", so the e-mailed link carries the
            // confirmation key in a cleartext URL; confirm whether "https" is intended.
            var confirmUrl = Url.Action("Confirm", "Profile", new { created.Confirmation.Key }, "http");

            CommandExecutor.ExecuteCommand(new SendConfirmationEmailCommand(created, confirmUrl));

            return RedirectToRoute("secure", new { Controller = "Profile" });
        }