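// POST: /api/login
/// <summary>
/// Authenticates the posted credentials and, on success, issues the forms-authentication
/// cookie and returns the caller's basic profile fields.
/// </summary>
/// <param name="loginUser">Credentials bound from the request; may be null when nothing could be bound.</param>
/// <returns>
/// 200 OK with UserName, Email, EmailHash and DisplayName on success;
/// 400 Bad Request carrying the model-state errors otherwise.
/// </returns>
public HttpResponseMessage Post(LoginUser loginUser)
{
    // A missing or unbindable body can leave loginUser null, and a null model may still
    // report ModelState.IsValid == true. Record an error here so the request is rejected
    // below instead of failing with a NullReferenceException (HTTP 500) on loginUser.UserName.
    if (loginUser == null)
    {
        this.ModelState.AddModelError(string.Empty, "The login request body is missing or malformed.");
    }

    if (!this.ModelState.IsValid)
    {
        return this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, this.ModelState);
    }

    // The password is checked inside the repository call.
    // NOTE(review): confirm that GetByUserNameOrEmail compares against a salted password hash
    // and does not log its arguments; none of that is visible from this method.
    var user = this.db.Users.GetByUserNameOrEmail(loginUser.UserName, loginUser.Password);
    if (user == null)
    {
        // One message covers both "unknown account" and "wrong password", so the response
        // does not reveal which user names exist.
        // NOTE(review): no failed-attempt limiting or lockout is visible here; confirm it is
        // enforced elsewhere (repository, filter or gateway).
        this.ModelState.AddModelError(string.Empty, "The username or password provided is incorrect.");
        return this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, this.ModelState);
    }

    // NOTE(review): the second argument is presumably the "persistent cookie" flag, which would
    // keep every session alive across browser restarts; confirm that is intended, and that the
    // cookie is configured as Secure and HttpOnly.
    this.formsAuth.SetAuthCookie(user.UserName, true);

    // Return only the listed profile fields rather than the user entity itself, so no other
    // property of the stored user is serialized into the response.
    return this.Request.CreateResponse(
        HttpStatusCode.OK,
        new
        {
            UserName = user.UserName,
            Email = user.Email,
            EmailHash = user.EmailHash,
            DisplayName = user.DisplayName
        });
}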