public async Task <IActionResult> Login(LoginInputModel model)
{
if (ModelState.IsValid)
{
// validate username/password against in-memory store
if (_loginService.ValidateCredentials(model.Username, model.Password))
{
// issue authentication cookie with subject ID and username
var user = _loginService.FindByUsername(model.Username);
AuthenticationProperties props = null;
// only set explicit expiration here if persistent.
// otherwise we reply upon expiration configured in cookie middleware.
if (model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.AddMonths(1)
};
}
;
await HttpContext.Authentication.SignInAsync(user.Subject, user.Username, props);
// make sure the returnUrl is still valid, and if yes - redirect back to authorize endpoint
if (_interaction.IsValidReturnUrl(model.ReturnUrl))
{
return(Redirect(model.ReturnUrl));
}
return(Redirect("~/"));
}
ModelState.AddModelError("", "Invalid username or password.");
}
// something went wrong, show form with error
var vm = await BuildLoginViewModelAsync(model);
return(View(vm));
}
public bool ValidateCredentials(string username, string password)
{
return(_userLoginServiceImplementation.ValidateCredentials(username, password));
}
