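/// <summary>
/// Checks the supplied credentials and, on success, signs the user in and
/// redirects to <paramref name="returnUrl"/> or to Home/Index.
/// </summary>
/// <param name="username">Login name; replaced by a placeholder value when null or empty.</param>
/// <param name="password">Password passed as-is to the security service.</param>
/// <param name="returnUrl">
/// Optional post-login destination. It is request-supplied, so it is only
/// followed when it is a local URL of this application.
/// </param>
/// <returns>
/// A redirect to the local <paramref name="returnUrl"/> or Home/Index on success;
/// a redirect back to the Login action when no matching user is found.
/// </returns>
public ActionResult Login(string username, string password, string returnUrl)
{
    if (string.IsNullOrEmpty(username))
    {
        // Default value that is set if nothing is entered
        username = "******";
    }

    var user = _securityService.GetSecurityUserByLogin(username, password);
    if (user == null)
    {
        return RedirectToAction("Login"); // should be forbidden or unauth
    }

    IdentityService.AuthorizeUser(user);

    // returnUrl is caller-controlled: follow it only when it stays on this site,
    // otherwise a crafted login link could forward a freshly signed-in user
    // to an arbitrary external host. Returning the result (instead of calling
    // Response.Redirect and then returning a second redirect) also ensures a
    // single, well-defined redirect is issued.
    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }

    return RedirectToAction("Index", "Home");
}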
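/// <summary>
/// Creates a new user from the registration form and redirects the caller.
/// </summary>
/// <param name="model">Bound registration form values.</param>
/// <param name="ReturnUrl">
/// Optional destination after registration. It is request-supplied, so it is
/// only followed when it is a local URL of this application.
/// </param>
/// <returns>
/// A redirect to the local <paramref name="ReturnUrl"/>, otherwise to /Home/Index.
/// The redirect is issued whether or not user creation succeeded.
/// </returns>
public RedirectResult Register(RegisterBindingModel model, string ReturnUrl)
{
    // The Admin flag from the form is honoured only when the caller is already
    // an authenticated administrator; anyone else always gets Admin = false.
    bool callerIsAdmin = User.Identity.IsAuthenticated && User.IsInRole("Admin");

    // NOTE(review): the password is handed over in plaintext fields; how
    // CreateUser hashes/stores it is not visible here — confirm in the service.
    var securityUser = new SecurityUser
    {
        Email = model.Email,
        UserName = model.Username,
        FirstName = model.FirstName,
        LastName = model.LastName,
        PasswordPlaintext = model.Password,
        PasswordPlaintextConfirm = model.ConfirmPassword,
        Admin = callerIsAdmin && model.Admin
    };

    bool created = _securityService.CreateUser(securityUser, model.RegistrationCode);

    // A self-registering visitor is signed in as the new account; an admin
    // creating an account for someone else keeps their own session.
    if (created && !callerIsAdmin)
    {
        IdentityService.AuthorizeUser(securityUser);
    }

    // ReturnUrl is caller-controlled: redirect to it only when it is local to
    // this site, so the action cannot be used to bounce users to external hosts.
    if (!string.IsNullOrEmpty(ReturnUrl) && Url.IsLocalUrl(ReturnUrl))
    {
        return Redirect(ReturnUrl);
    }

    return Redirect("/Home/Index");
}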