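/// <summary>
/// Member types that can be attached to the invitation directly; any other type is given a
/// new "clone" account (see <see cref="Login"/>). Comparison is ordinal and case-sensitive,
/// matching the original list lookup.
/// </summary>
private static readonly HashSet<string> s_validMemberTypes =
    new HashSet<string>(StringComparer.Ordinal) { "NM", "EMP", "NEMP" };

/// <summary>
/// Returns the value of the child element <paramref name="name"/> of <paramref name="parent"/>,
/// or null when the element is absent (instead of throwing a NullReferenceException).
/// </summary>
private static string GetElementValue(XElement parent, XName name)
{
    XElement element = parent.Element(name);
    return element == null ? null : element.Value;
}

/// <summary>
/// Completes the invitation flow for an invitee who already has web credentials: optionally
/// applies a password reset, logs in through <c>Shared.UnifiedLogin</c>, verifies the
/// credentials belong to the invited email address, then either redirects to NewAccount
/// (clone account), re-associates the contact with the inviting company, or marks the
/// invitation as received.
/// </summary>
/// <param name="loginModel">Form data posted from the login/reset views; consumed by <c>PopulateModel</c>, which fills the <c>invitationModel</c> field.</param>
/// <returns>
/// "NotAuthorized" redirect when the model cannot be populated; "Error" view on ATS failures or
/// when a clone account cannot be created; "LoginFailed" view when login fails or the credentials
/// do not belong to the invitee; "NewAccount" redirect for clone accounts; otherwise the
/// "AddedToRoster" view.
/// </returns>
public ActionResult Login(LoginModel loginModel)
{
    // Populate invitationModel depending on what is returned from various views.
    if (!PopulateModel(loginModel))
    {
        return RedirectToAction("NotAuthorized");
    }

    // RESET PASSWORD: if the user returned to this website by clicking a reset password
    // link, update their password to the value they just entered before attempting login.
    if (invitationModel.ATSMethod == ATS.Methods.ResetPassword)
    {
        ATSResult resetResult = Shared.SetCredentials(
            invitationModel.InviteeIMIS_ID,
            invitationModel.Username,
            invitationModel.Password);
        if (!IsATSResultOK(resetResult))
        {
            return View("Error");
        }
    }

    // LOGIN
    XDocument xmlDoc = Shared.UnifiedLogin(invitationModel.Username, invitationModel.Password);
    XElement root = xmlDoc == null ? null : xmlDoc.Root;
    if (root == null)
    {
        // No parseable response: fail closed rather than throw.
        return View("LoginFailed");
    }

    XNamespace xmlNamespace = root.Name.Namespace;
    string resultMessage = GetElementValue(root, xmlNamespace + "ResultMessage");

    // NOTE(review): this is a deny-list of known failure messages; a missing ResultMessage is
    // treated as failure here, but any other unexpected message still counts as success.
    // Confirm the success value UnifiedLogin returns and switch to an allow-list if possible.
    if (resultMessage == null || resultMessage == "Failed" || resultMessage == "LockedOut")
    {
        return View("LoginFailed");
    }

    // If the invitee somehow used someone else's credentials, do not allow them to proceed.
    // UnifiedLogin returns the IMIS ID of whoever the credentials belong to, so look that
    // record's email up and require it to match the invitation. Ordinal comparison is used so
    // culture-specific equivalences cannot make two different addresses compare equal.
    string loginId = GetElementValue(root, xmlNamespace + "ID");
    string verifyEmail = loginId == null ? null : InvitationRepository.GetEmailByID(loginId);
    if (verifyEmail == null ||
        !verifyEmail.Equals(invitationModel.Email, StringComparison.OrdinalIgnoreCase))
    {
        return View("LoginFailed");
    }

    // If this is not an NM, EMP or NEMP then we need to create a new "clone" account that IS an EMP.
    if (!s_validMemberTypes.Contains(invitationModel.MemberType))
    {
        if (!Shared.CanAddContact(
                invitationModel.InvitationIMIS_ID,
                invitationModel.FirstName,
                invitationModel.LastName,
                invitationModel.Email))
        {
            TempData["ErrorMsg"] = "This account already exists. Please try again.";
            return View("Error");
        }

        // Redirect to NewAccount and prepopulate with data we already have; the user is
        // still prompted for new web user credentials there.
        invitationModel.CloneAccount = true;
        return RedirectToAction("NewAccount", invitationModel);
    }

    // Valid member type: if the invitee's CompanyID differs from the InvitationIMIS_ID,
    // re-associate the account with the inviting company.
    if (invitationModel.InviteeCompanyID != invitationModel.InvitationIMIS_ID)
    {
        // DO NOT pass Username/Password here: UpdateContact would auto-generate an email
        // containing the plain-text username/password telling the user their info has changed
        // (even when it hasn't, because SetCredentials is what actually changes credentials).
        ATSResult updateResult = Shared.UpdateContact(
            invitationModel.InviteeIMIS_ID,
            invitationModel.FirstName,
            invitationModel.MiddleName,
            invitationModel.LastName,
            invitationModel.Email,
            string.Empty, // username, intentionally omitted (see above)
            string.Empty, // password, intentionally omitted (see above)
            invitationModel.WorkPhone,
            invitationModel.HomePhone,
            invitationModel.InstituteName,
            invitationModel.InvitationIMIS_ID);
        if (!IsATSResultOK(updateResult))
        {
            return View("Error");
        }
    }

    // Update the invitation's Received flag only now, so that if anything failed before or
    // during account creation the user can attempt to use the invitation again until the
    // account is created and logged in.
    InvitationRepository.UpdateInvitationReceived(Invitation);

    // The former hand-off to StoreAuth.aspx stays disabled: it placed the username and
    // password in the redirect URL's query string, where they would be recorded in server
    // logs, proxy logs, browser history and Referer headers. If the store hand-off is
    // reinstated, pass credentials through a server-side session or single-use token instead.
    return View("AddedToRoster");
}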