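/// <summary>
/// Handles the login form post: validates the model, verifies the submitted password
/// against the stored hash, enforces the account lockout/expiry date, then signs the
/// user in, populates the session and redirects to the role-specific landing page
/// (or to a local return URL when one was supplied).
/// </summary>
/// <param name="entity">Posted login form (user name, password, remember-me flag, optional return URL).</param>
/// <returns>
/// A redirect on success; otherwise the login view re-rendered with an error message in
/// <c>TempData["ErrorMSG"]</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the action attributes are not visible in this excerpt; confirm it carries
/// [HttpPost] and [ValidateAntiForgeryToken], otherwise the form is CSRF-able.
/// </remarks>
public ActionResult Login(UserLoginInfo entity)
{
    // Model binding errors (missing user name/password, etc.) simply re-render the form.
    if (!ModelState.IsValid)
    {
        return View(entity);
    }

    try
    {
        using (var db = new PCSEntities())
        {
            // Look the account up by trimmed user name; a null UserName must not throw here.
            string userName = (entity.UserName ?? string.Empty).Trim();
            var userInfo = db.UserLogins.FirstOrDefault(s => s.UserName == userName);

            // Stored hash and salt are empty for an unknown user; the comparison is still executed
            // so an unknown user name costs roughly the same time as a wrong password.
            string storedHash = userInfo != null ? userInfo.PasswordHash : string.Empty;
            string salt = userInfo != null ? userInfo.SecurityStamp : string.Empty;

            // NOTE(review): Helper.CompareMD5HashValue implies an MD5-based password hash, which is
            // far too fast to resist offline cracking; migrate Helper to PBKDF2/bcrypt/Argon2.
            bool passwordMatches = Helper.CompareMD5HashValue(entity.Password, entity.UserName, salt, storedHash);

            if (userInfo == null || !passwordMatches)
            {
                // One generic message for both "no such user" and "wrong password". Returning
                // here (instead of throwing) keeps the catch below for unexpected errors only.
                TempData["ErrorMSG"] = "Access Denied! Wrong Credential.";
                return View(entity);
            }

            // This application treats a LockoutDateUtc in the past as an expired account.
            if (userInfo.LockoutEnabled && userInfo.LockoutDateUtc != null && userInfo.LockoutDateUtc < DateTime.UtcNow)
            {
                TempData["ErrorMSG"] = "Access Denied! This account is expired";
                return View(entity);
            }

            // Resolve the role-specific profile row BEFORE issuing any credentials, so an account
            // whose profile is missing never ends up with an auth cookie and a half-filled session.
            var role = (UserRole)userInfo.Role;
            var recruiter = role == UserRole.CLIENT
                ? db.Recruiters.FirstOrDefault(s => s.UserLoginId == userInfo.UserLoginId)
                : null;
            var specialist = role == UserRole.SPECIALIST
                ? db.Specialists.FirstOrDefault(s => s.UserLoginId == userInfo.UserLoginId)
                : null;

            ActionResult landing;
            switch (role)
            {
                case UserRole.ADMIN:
                    landing = RedirectToAction("EditAccount", "Admin");
                    break;
                case UserRole.CLIENT:
                    if (recruiter == null)
                    {
                        return RedirectToAction("Error", "Error");
                    }
                    landing = RedirectToAction("ManageAccount", "Client");
                    break;
                case UserRole.SPECIALIST:
                    // The original dereferenced the lookup unconditionally and threw a
                    // NullReferenceException for a missing specialist row.
                    if (specialist == null)
                    {
                        return RedirectToAction("Error", "Error");
                    }
                    landing = RedirectToAction("ManageSpecialistAccount", "Specialist", new { id = specialist.SpecialistId });
                    break;
                case UserRole.CANDIDATE:
                    landing = RedirectToAction("EditProfile", "Candidate", new { userLoginId = userInfo.UserLoginId });
                    break;
                default:
                    // Unrecognised role value: do not sign the user in at all.
                    return RedirectToAction("Login", "Home");
            }

            // Only a URL local to this site is honoured (open-redirect guard); otherwise the
            // role landing page wins.
            if (!string.IsNullOrWhiteSpace(entity.ReturnURL) && Url.IsLocalUrl(entity.ReturnURL))
            {
                landing = Redirect(entity.ReturnURL);
            }

            // NOTE(review): the session is not regenerated here, so a session id fixed before
            // login stays valid after it (session fixation); consider abandoning the pre-login
            // session and issuing a fresh session cookie before populating it.
            SignInRemember(entity.UserName, entity.IsRemember);

            Session["UserId"] = userInfo.UserLoginId;
            Session["UserName"] = userInfo.UserName;
            Session["Role"] = userInfo.Role;
            if (recruiter != null)
            {
                Session["RecruiterId"] = recruiter.RecruiterId;
                Session["ClientId"] = recruiter.ClientId;
            }
            if (specialist != null)
            {
                Session["SpecialistId"] = specialist.SpecialistId;
            }

            return landing;
        }
    }
    catch (Exception e)
    {
        // Unexpected failure (database, configuration, ...). Do not echo e.Message to the
        // browser: it can disclose connection details, table names or stack information.
        System.Diagnostics.Trace.TraceError("Login failed for user '{0}': {1}", entity.UserName, e);
        TempData["ErrorMSG"] = "Login failed due to an unexpected error. Please try again.";
        return View(entity);
    }
}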