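/// <summary>
/// Processes a submitted login form: validates the model, asks
/// <c>ApiRepository.AuthenticateUserAsync</c> for the caller's role and, on
/// success, issues a forms-authentication cookie whose ticket carries the
/// role name in its user-data field.
/// </summary>
/// <param name="model">Posted credentials (username and password).</param>
/// <param name="returnUrl">
/// Not used by this action; a successful login always redirects to Home/Index.
/// If it is ever honoured, check it with <c>Url.IsLocalUrl</c> first so the
/// login page cannot be turned into an open redirect.
/// </param>
/// <returns>
/// The login view again when the model is invalid or authentication fails;
/// otherwise a redirect to Home/Index.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible
// on this action in this excerpt - confirm they are present on the real method.
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = new User
    {
        Username = model.Username,
        Password = model.Password
    };

    var role = await ApiRepository.AuthenticateUserAsync(user);

    // Fail closed: a missing role object is handled like RoleId 0, which this
    // action treats as "not authenticated". The message stays generic so the
    // response does not reveal whether the username exists.
    if (role == null || role.RoleId == 0)
    {
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(model);
    }

    // The earlier FormsAuthentication.SetAuthCookie(model.Email, false) call was
    // dropped: it emitted a second cookie with the same name but a different
    // identity (e-mail instead of username) and no role data. Only the ticket
    // built below is issued now.
    DateTime issuedAt = DateTime.Now;
    var authTicket = new FormsAuthenticationTicket(
        1,
        user.Username,
        issuedAt,
        issuedAt.AddMinutes(20),
        false,
        role.RoleName);

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // A hand-built HttpCookie does not pick up the forms-auth cookie settings
    // on its own, so apply them explicitly: HttpOnly keeps the ticket away from
    // script, Secure follows the configured requireSSL setting (should be true
    // in production), and path/domain follow the forms configuration.
    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        HttpOnly = true,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath
    };

    if (FormsAuthentication.CookieDomain != null)
    {
        authCookie.Domain = FormsAuthentication.CookieDomain;
    }

    HttpContext.Response.Cookies.Add(authCookie);

    return RedirectToAction("Index", "Home");
}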