public ActionResult ValidateLogin(LoginModel login) { try { if (ModelState.IsValid) { var user = SecurityServices.ValidateUser(login.Name, login.Password); if (user == null) { SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid credentials: {0} - {1}", login.Name, login.Password)); ModelState.AddModelError(String.Empty, "The login name or password is invalid."); } if (user != null && !user.CanLogin) { SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "User login disabled"); ModelState.AddModelError(String.Empty, "Access denied."); } if (user != null && !IsIpValid(user.RoleName, login.LocationId)) { SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "Invalid IP address"); ModelState.AddModelError(String.Empty, "Access denied."); } if (ModelState.IsValid) { if (login.DowngradeRole) { user.RoleName = "Employee"; SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, "Downgraded to Employee role"); } else if (user.RoleName == "Manager" && login.LocationId != user.LocationId) { user.RoleName = "Employee"; var message = string.Format("Manager downgraded to Employee role"); SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, message); } else { SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress); } var token = CreateToken(user.Id, user.RoleName, login.LocationId); var auth = TokenSerializer.GetCookieFromToken(token); if (HttpContext.Request.IsLocal) //local development overrides { auth.Domain = null; auth.Secure = false; } HttpContext.Response.Cookies.Add(auth); if (Url.IsLocalUrl(login.ReturnUrl) && user.RoleName == "Administrator") { return(Redirect(login.ReturnUrl)); } else { return(RedirectToAction("Index", "ShopFloor")); } } } else { SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid model state: {0}", ModelState.ToString())); } } catch (Exception ex) { Logger.Error(ex.ToString()); ModelState.AddModelError(String.Empty, Constants.ServerError); } // Invalid - redisplay with errors ViewBag.Locations = LocationServices.GetLocationLookup(); return(View("Index", login)); }