//[ValidateAntiForgeryToken] public ActionResult Login(LoginModel model, string returnUrl) { if (ModelState.IsValid) { if (model.UserName.Contains("@") && WebSecurity.Login(model.UserName, model.Password)) { model.ProfileUser = model.UserName; return(DoLogin(model)); } if (authBL.CheckLogin(Convert.ToInt32(model.ELT_account_number), model.UserName, model.Password)) { var profile_user = string.Format(COMMON.AppConstants.PROFILE_USER, model.UserName, model.ELT_account_number); if (!authBL.CheckProfileExist(Convert.ToInt32(model.ELT_account_number), profile_user)) { WebSecurity.CreateUserAndAccount(profile_user, "1234"); authBL.UpdateProfileEltAccount(Convert.ToInt32(model.ELT_account_number), profile_user); } model.ProfileUser = profile_user; WebSecurity.Login(profile_user, "1234"); return(DoLogin(model)); } } // If we got this far, something failed, redisplay form ModelState.AddModelError("", "The user name or password provided is incorrect."); return(View(model)); }