/// <summary>
/// Authenticates the supplied credentials, fills the session with the user's
/// identity and role data, and returns the URL the client should open next.
/// </summary>
/// <param name="UserName">Login name submitted by the client.</param>
/// <param name="Pwd">Password submitted by the client.</param>
/// <returns>
/// A content result whose body is the next URL: the ChangePassword index when
/// <c>CheckPasswordExpired</c> reports an expired password; otherwise the Detail
/// action of the user's last controller when <c>GeneralGetList.GetAuthAction</c>
/// permits it, falling back to Home/Index.
/// </returns>
/// <exception cref="Exception">
/// Thrown with a "[VALIDATION]"-prefixed message when <c>loginService.Login</c>
/// or <c>loginService.CheckDbName</c> returns false.
/// </exception>
/// <remarks>
/// NOTE(review): any attributes on this action lie outside this excerpt. Confirm it
/// is restricted to POST so that <paramref name="Pwd"/> never travels in a query
/// string, and that request-forgery protection is applied.
/// NOTE(review): the existing session is populated in place and nothing in this
/// method issues a new session identifier after authentication. Confirm that
/// session-fixation protection is handled elsewhere.
/// </remarks>
public ActionResult Login(string UserName, string Pwd)
{
    const string validationFormat = "[VALIDATION] {0}";

    var loginModel = new LoginModel { UserName = UserName, Pwd = Pwd };
    loginService = new LoginService();

    // Every false return from Login yields the same message, so the response
    // itself does not reveal why authentication failed.
    if (!loginService.Login(loginModel))
    {
        throw new Exception(string.Format(validationFormat, "Login fail"));
    }

    if (!loginService.CheckDbName())
    {
        throw new Exception(string.Format(validationFormat, "db setting not valid (APP:SpSysGetSapDb, SAP:SpSysGetAppDb) "));
    }

    bool passwordExpired = loginService.CheckPasswordExpired(loginModel.UserName);
    var model = loginService.GetLoginInfo(loginModel.UserName);

    // NOTE(review): an expired-password login receives the same identity, role and
    // isAdmin values as a normal login; only the IsPassExpired flag differs.
    // Confirm that other actions enforce that flag, otherwise the forced password
    // change depends on the client following the returned URL.
    Session["IsPassExpired"] = passwordExpired ? "Y" : "N";
    Session["userId"] = model.UserId;
    Session["userName"] = model.UserName;
    Session["roleName"] = model.RoleName;
    Session["isAdmin"] = GeneralGetList.GetIsAdmin(model.RoleName);
    Session["branchCode"] = model.BranchCode;
    Session["branchName"] = model.BranchName;

    string nextUrl;

    if (passwordExpired)
    {
        nextUrl = Url.Action("Index", "ChangePassword");

        // Only this path stores lastController in the session.
        Session["lastController"] = string.IsNullOrEmpty(model.LastController) ? "" : model.LastController;

        return Content(nextUrl);
    }

    nextUrl = "";

    // Resume at the last controller's Detail action only when the authorization
    // lookup for "<controller>/Detail" passes for this user.
    if (!string.IsNullOrEmpty(model.LastController)
        && GeneralGetList.GetAuthAction((int)Session["userId"], model.LastController + "/" + "Detail"))
    {
        nextUrl = Url.Action("Detail", model.LastController);
    }

    // No authorized resume target (or no URL could be built): send the user home.
    if (string.IsNullOrEmpty(nextUrl))
    {
        nextUrl = Url.Action("Index", "Home");
    }

    return Content(nextUrl);
}