private async Task HandleLoginFailure(LoginViewModel model) { Logger.Trace("Login failed: user {0}", model.Email); ModelState.AddModelError("", await GenerateTryLoginWithFederationProviderErrorMessage(model.Email)); SignOut(); }
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return View(model); } // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, change to shouldLockout: true SignInStatus result; try { result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false); } catch (NotRegisteredForServiceException) { HandleUserNotRegisteredForService(model.Email); return View(); } catch (FormatException) { // Legacy passwords are not valid Base-64 strings result = SignInStatus.Failure; // Try to authenticate the user using a legacy login service var user = await _userStore.FindByEmailAsync(model.Email); if (!string.IsNullOrWhiteSpace(user?.PasswordHash) && user.PasswordHash.StartsWith(LegacyPasswordPrefix) && !string.IsNullOrWhiteSpace(model.Email)) { if (LegacyPasswordService != null && await LegacyPasswordService.CheckPasswordAsync(user, model.Password)) { // set the password using (var tx = new TransactionScope()) { _userManager.RemovePassword(user.Id); _userManager.AddPassword(user.Id, model.Password); var updatedUser = await _userStore.FindByIdAsync(user.Id); if (string.IsNullOrEmpty(updatedUser.PasswordHash)) { throw new Exception("Unable to set password of user " + user.Id); } tx.Complete(); } // and login try { result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false); } catch (NotRegisteredForServiceException) { HandleUserNotRegisteredForService(model.Email); return View(); } catch (AppNotAllowedException) { return await SelectAppOrRedirect(model.Email); } // or force a password reset //return await RequestPasswordReset(new ForgotPasswordViewModel { Email = user.Email}); } } else { // Not a legacy password, so rethrow throw; } } catch (AppNotAllowedException) { return await SelectAppOrRedirect(model.Email); } switch (result) { case SignInStatus.Success: return RedirectToLocal(returnUrl); case SignInStatus.LockedOut: Logger.Trace("Login failed: user {0} is locked out", model.Email); return View("Lockout"); case SignInStatus.RequiresVerification: Logger.Trace("Login failed: user {0} is unverified", model.Email); return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }); case SignInStatus.Failure: default: await HandleLoginFailure(model); return View(model); } }