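/// <summary>
/// Validates the supplied credentials against the membership provider and, on success,
/// issues a forms-authentication cookie scoped to the current blog instance and redirects
/// the response to a safe local return URL (or the web root).
/// </summary>
/// <param name="username">The user name to validate; null is treated as empty and surrounding whitespace is trimmed.</param>
/// <param name="password">The password to validate; null is treated as empty and surrounding whitespace is trimmed.</param>
/// <param name="rememberMe">
/// When true the cookie is persisted until the forms-authentication timeout elapses;
/// otherwise it is a browser-session cookie.
/// </param>
/// <returns>True when the credentials were accepted and the cookie was issued; false otherwise.</returns>
/// <exception cref="InvalidOperationException">Thrown when there is no current HTTP context to write the cookie to.</exception>
public static bool AuthenticateUser(string username, string password, bool rememberMe)
{
    string un = (username ?? string.Empty).Trim();
    string pw = (password ?? string.Empty).Trim();

    // Reject blank credentials up front so the provider is never asked to validate them.
    if (string.IsNullOrWhiteSpace(un) || string.IsNullOrWhiteSpace(pw))
    {
        return false;
    }

    if (!Membership.ValidateUser(un, pw))
    {
        return false;
    }

    HttpContext context = HttpContext.Current;
    if (context == null)
    {
        // Fail loudly instead of with a NullReferenceException further down.
        throw new InvalidOperationException("AuthenticateUser requires a current HttpContext.");
    }

    // Forms-authentication tickets use local time for issue/expiration, so DateTime.Now is intentional here.
    DateTime issueDate = DateTime.Now;
    DateTime expirationDate = issueDate.Add(FormsAuthentication.Timeout);
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        un,
        issueDate,
        expirationDate,
        rememberMe,
        Blog.CurrentInstance.Id.ToString(),
        FormsAuthentication.FormsCookiePath
    );
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    // Custom cookie name based on the current blog instance.
    // If !rememberMe, Expires = DateTime.MinValue makes it a browser-session cookie
    // that is discarded when the browser is closed.
    HttpCookie cookie = new HttpCookie(FormsAuthCookieName, encryptedTicket);
    cookie.Expires = rememberMe ? expirationDate : DateTime.MinValue;
    // Keep the authentication ticket out of reach of client-side script, and only send it
    // over TLS when forms authentication is configured to require SSL.
    cookie.HttpOnly = true;
    cookie.Secure = FormsAuthentication.RequireSSL;
    context.Response.Cookies.Set(cookie);

    // Only honour return URLs that are local paths; anything else (absolute URLs,
    // protocol-relative "//host" or "/\host" forms) would be an open redirect.
    string returnUrl = context.Request.QueryString["returnUrl"];
    if (!IsLocalReturnUrl(returnUrl))
    {
        returnUrl = null;
    }

    // NOTE(review): Response.Redirect(url) with the default endResponse=true terminates the
    // request, so the trailing "return true" is reached only if it does not — unchanged from the original.
    if (!string.IsNullOrWhiteSpace(returnUrl))
    {
        context.Response.Redirect(returnUrl);
    }
    else
    {
        context.Response.Redirect(Utils.RelativeWebRoot);
    }
    return true;
}

/// <summary>
/// Returns true only for URLs that are a path on this site: they must start with a single
/// forward slash and must not be protocol-relative ("//host") or use a backslash variant ("/\host"),
/// which browsers treat as a different host.
/// </summary>
/// <param name="url">The candidate return URL, possibly null or blank.</param>
/// <returns>True when the URL is safe to use as a local redirect target.</returns>
private static bool IsLocalReturnUrl(string url)
{
    if (string.IsNullOrWhiteSpace(url) || url[0] != '/')
    {
        return false;
    }

    // "/" alone is local; "//..." and "/\..." are not.
    return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
}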