ASP.NET - Login Form

Model

public class LoginModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    public string ReturnUrl { get; set; }
}

View

@{
    ViewBag.Title = "Login";
}
 
@model WebApp1.Models.LoginModel
 
<h2>Login</h2>
 
<div>
    <form method="post">
        <table>
            <tr>
                <td>Username:</td>
                <td><input type="text" name="username" value="@(Model?.UserName)"/></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="text" name="password" value="@(Model?.Password)"/></td>
            </tr>
            <tr>
                <td colspan="2">@(string.Join(",", ViewData.ModelState.SelectMany(x => x.Value.Errors).Select(x => x.ErrorMessage)))</td>
            </tr>
        </table>
        <input type="submit" value="Submit" />
    </form>
</div>

Controller

[AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
public ActionResult Login(LoginModel model)
{
    if (Request.HttpMethod == "POST") {
        if (ModelState.IsValid) {
            if (model.UserName == "admin" && model.Password == "123") {
                FormsAuthentication.SetAuthCookie(model.UserName, false);
                if (!string.IsNullOrEmpty(model.ReturnUrl) && Url.IsLocalUrl(model.ReturnUrl)) {
                    Redirect(model.ReturnUrl);
                }
                else {
                    RedirectToAction("Index", "Home");
                }
            }
            else {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }
    }
    return View(model);
}
 
public ActionResult Logout()
{
    FormsAuthentication.SignOut();
    return RedirectToAction("Login", "Home");
}

web.config

<system.web>
  <authentication mode="Forms">
    <forms cookieless="UseCookies" loginUrl="/Home/Login" timeout="60" />
  </authentication>
</system.web>