public ActionResult Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) { var user = db.UserSys .Where(u => u.Email == model.Email).SingleOrDefault(); // check user password if (user != null && PasswordSecurity.IsPasswordMatch(user.Password, user.Salt, model.Password)) { UserRole userRole = db.UserRole.SingleOrDefault(r => r.Id == user.UserRoleId); this.Session.Add("UserId", user.Id); if (userRole.IsAdmin) { this.Session.Add("IsUserAdmin", 1); } else { this.Session["IsUserAdmin"] = null; } FormsAuthentication.SetAuthCookie(model.Email, false); return(RedirectToAction("List", "Customer")); } else { ModelState.AddModelError("", "The e-mail and/or password entered is invalid. Please Try again."); } } return(View(model)); }