/// <summary>
        /// Resolves the role names assigned to the account called <paramref name="name"/>.
        /// </summary>
        /// <param name="name">Account name to look up in the repository.</param>
        /// <returns>
        /// The account's <c>Roles</c> value as stored, or an empty array when no
        /// account with that name exists.
        /// </returns>
        private string[] LookupRolesForUser(string name)
        {
            // A repository is created per call; a real application would more likely
            // obtain it from the DependencyResolver / a service locator.
            var accounts = new AccountRepository();
            var account = accounts.FindByName(name);

            if (account == null)
            {
                // Fail closed: an unknown principal is granted no roles at all, so any
                // role-based authorization check on it is denied. Throwing an exception
                // here would be the stricter alternative.
                return new string[0];
            }

            // NOTE(review): Roles is returned as-is; whether it can be null for an
            // existing account is not visible here - confirm against AccountRepository.
            return account.Roles;
        }
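        /// <summary>
        /// Validates the submitted credentials and, on success, issues a forms
        /// authentication cookie and redirects the browser.
        /// </summary>
        /// <param name="userName">Account name submitted by the client (untrusted).</param>
        /// <param name="password">Password submitted by the client (untrusted).</param>
        /// <param name="returnUrl">
        /// Optional post-login destination (untrusted). It is followed only when
        /// <c>Url.IsLocalUrl</c> accepts it; otherwise the user is sent to "Index".
        /// </param>
        /// <returns>
        /// A redirect after a successful login, or the login view with a model error
        /// when the credentials are rejected.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is present
        /// on this action. If the login form is rendered by a separate GET action,
        /// restrict this one to POST so credentials cannot arrive in a query string
        /// (and end up in logs or browser history), and validate an antiforgery token
        /// to guard against login CSRF.
        /// </remarks>
        public ActionResult Login(string userName, string password, string returnUrl)
        {
            // The parameters may be null when the request omits them. Treat that as a
            // failed login instead of handing null to the repository or the password
            // check, whose behaviour on null is not visible here.
            if (!string.IsNullOrEmpty(userName) && password != null)
            {
                var repo = new AccountRepository();
                var user = repo.FindByName(userName);

                // NOTE(review): ValidatePassword runs only for existing accounts, so
                // response time may differ between unknown and known user names -
                // confirm whether that matters for this deployment.
                if (user != null && user.ValidatePassword(password))
                {
                    // false = non-persistent (session) cookie.
                    // NOTE(review): the cookie carries the name exactly as typed by the
                    // client; if FindByName matches case-insensitively, consider using
                    // the canonical name from the stored account instead.
                    FormsAuthentication.SetAuthCookie(userName, false);

                    // Open-redirect guard: returnUrl is attacker-controllable, so it is
                    // followed only when it points back into this application.
                    if (returnUrl != null && Url.IsLocalUrl(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }

                    return RedirectToAction("Index");
                }
            }

            // One generic message for every failure, so the response text does not
            // reveal whether the user name exists.
            ModelState.AddModelError("", "Invalid user name or password");
            return View();
        }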