private string[] LookupRolesForUser(string name)
        {
            var repo = new AccountRepository(); // In the real world, you would probably use service locator pattern and call DependencyResolver here
            var user = repo.FindByName(name);
            if (user != null)
            {
                return user.Roles;
            }

            return new string[0];  // Alternatively throw an exception
        }
 public ActionResult CreateUser(string userName, string password, string roles)
 {
     var newUser = new Account()
         {
             UserName = userName,
             Roles = (String.IsNullOrWhiteSpace(roles) ? new string[0] : roles.Split(','))
         };
     newUser.SetPassword(password);
     var repo = new AccountRepository();
     repo.AddAccount(newUser);
     return RedirectToAction("Index");
 }
        public ActionResult Login(string userName, string password, string returnUrl)
        {
            var repo = new AccountRepository();

            var user = repo.FindByName(userName);
            if (user != null && user.ValidatePassword(password))
            {
                FormsAuthentication.SetAuthCookie(userName, false);
                if (returnUrl != null && Url.IsLocalUrl(returnUrl))
                    return Redirect(returnUrl);
                else
                    return RedirectToAction("Index");
            }

            ModelState.AddModelError("", "Invalid user name or password");
            return View();
        }