/// <summary>
/// Authenticates a local username/password sign-in and stores the outcome on the context.
/// </summary>
/// <remarks>
/// <c>ctx.AuthenticateResult</c> is cleared first and only assigned after the password check
/// succeeds. Every rejection path (password sign-in unsupported, unknown user, unconfirmed
/// email, locked-out account, wrong password) leaves it <c>null</c>, so the caller cannot
/// distinguish the reasons from the result alone.
/// </remarks>
/// <param name="ctx">Carries the submitted user name, password and sign-in message; receives the result.</param>
public override async Task AuthenticateLocalAsync(LocalAuthenticationContext ctx)
{
    var suppliedName = ctx.UserName;
    var suppliedPassword = ctx.Password;
    var signInMessage = ctx.SignInMessage;

    // Fail closed: anything short of a verified password leaves the result null.
    ctx.AuthenticateResult = null;

    if (!userManager.SupportsUserPassword)
    {
        return;
    }

    var account = await FindUserAsync(suppliedName);
    if (account == null)
    {
        return;
    }

    // The email-confirmation gate runs before the password is examined, so an attempt
    // against an unconfirmed account is not counted as a failed access below.
    var emailConfirmed = await userManager.IsEmailConfirmedAsync(account.Id);
    if (!emailConfirmed)
    {
        return;
    }

    // A locked-out account is rejected before the password is checked.
    if (userManager.SupportsUserLockout && await userManager.IsLockedOutAsync(account.Id))
    {
        return;
    }

    var passwordOk = await userManager.CheckPasswordAsync(account, suppliedPassword);
    if (!passwordOk)
    {
        // Record the failure so the lockout policy (when supported) can act on repeated attempts.
        if (userManager.SupportsUserLockout)
        {
            await userManager.AccessFailedAsync(account.Id);
        }

        return;
    }

    // A successful sign-in clears the failed-attempt counter.
    if (userManager.SupportsUserLockout)
    {
        await userManager.ResetAccessFailedCountAsync(account.Id);
    }

    // The post-authentication hook may supply its own result; otherwise build the default one.
    var outcome = await PostAuthenticateLocalAsync(account, signInMessage);
    if (outcome == null)
    {
        var identityClaims = await GetClaimsForAuthenticateResult(account);
        outcome = new AuthenticateResult(
            account.Id.ToString(),
            await GetDisplayNameForAccountAsync(account.Id),
            identityClaims);
    }

    ctx.AuthenticateResult = outcome;
}
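/// <summary>
/// Verifies the posted credentials and, on success, signs the user in with the application cookie.
/// </summary>
/// <param name="username">User name submitted by the client.</param>
/// <param name="password">Password submitted by the client.</param>
/// <param name="staySignedIn">When <c>true</c>, a persistent sign-in cookie is requested; <c>null</c> is treated as <c>false</c>.</param>
/// <param name="returnUrl">Client-supplied redirect target; only followed when it is a local URL.</param>
/// <returns>
/// The log-on view with <c>ViewBag.Error</c> set when sign-in is refused, otherwise a redirect to
/// <paramref name="returnUrl"/> (if local) or to Home/Index.
/// </returns>
public async System.Threading.Tasks.Task<ActionResult> LogOn(string username, string password, bool? staySignedIn, string returnUrl)
{
    // Treat missing credentials as an ordinary failed log-on instead of passing null into the user manager.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        ViewBag.Error = new string[] { "Unable to Log In, check your username and password" };
        return View();
    }

    // The store and the manager are both disposable; release them when the request is done.
    using (var userStore = new Microsoft.AspNet.Identity.EntityFramework.UserStore<Microsoft.AspNet.Identity.EntityFramework.IdentityUser>())
    using (var manager = new Microsoft.AspNet.Identity.UserManager<Microsoft.AspNet.Identity.EntityFramework.IdentityUser>(userStore))
    {
        var user = await manager.FindByNameAsync(username);

        // Unknown user and wrong password share one message so the response does not
        // reveal which user names exist.
        // NOTE(review): failed attempts are not counted here (no AccessFailedAsync / lockout check),
        // so nothing in this action throttles password guessing - confirm it is handled elsewhere.
        if (user == null || !await manager.CheckPasswordAsync(user, password))
        {
            ViewBag.Error = new string[] { "Unable to Log In, check your username and password" };
            return View();
        }

        // This message is shown only after the password has been verified.
        // Sending a fresh confirmation email is the other option once email is set up.
        if (!user.EmailConfirmed)
        {
            ViewBag.Error = new string[] { "Your email address has not been confirmed." };
            return View();
        }

        // The authentication manager creates a cookie for the current user; that cookie is
        // exchanged on each request until the user logs out.
        var authenticationManager = HttpContext.GetOwinContext().Authentication;
        var userIdentity = await manager.CreateIdentityAsync(user, Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie);
        var properties = new Microsoft.Owin.Security.AuthenticationProperties
        {
            // Honour the "stay signed in" choice, which was previously accepted but ignored.
            IsPersistent = staySignedIn.GetValueOrDefault()
        };
        authenticationManager.SignIn(properties, userIdentity);
    }

    // returnUrl comes from the client: follow it only when it stays on this site,
    // otherwise fall back to the home page (prevents open redirects after log-on).
    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }

    return RedirectToAction("Index", "Home");
}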