public ActionResult Index(LoginInputModel model)
{
if (ModelState.IsValid)
{
if (this.userAccountService.Authenticate(model.Username, model.Password))
{
authSvc.SignIn(model.Username);
if (userAccountService.IsPasswordExpired(model.Username))
{
return RedirectToAction("Index", "ChangePassword");
}
else
{
if (Url.IsLocalUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
}
else
{
ModelState.AddModelError("", "Invalid Username or Password");
}
}
return View(model);
}
public ActionResult Index(LoginInputModel model)
{
if (ModelState.IsValid)
{
BrockAllen.MembershipReboot.UserAccount account;
if (userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out account))
{
authSvc.SignIn(account);
if (account.RequiresTwoFactorAuthCodeToSignIn)
{
return View("TwoFactorAuth");
}
if (userAccountService.IsPasswordExpired(account))
{
return RedirectToAction("Index", "ChangePassword");
}
if (Url.IsLocalUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("", "Invalid Username or Password");
}
}
return View(model);
}
public ActionResult Index(LoginInputModel model)
{
if (ModelState.IsValid)
{
BrockAllen.MembershipReboot.UserAccount account;
if (userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out account))
{
authSvc.SignIn(account, model.RememberMe);
if (account.RequiresTwoFactorAuthCodeToSignIn())
{
return RedirectToAction("TwoFactorAuthCodeLogin");
}
if (account.RequiresTwoFactorCertificateToSignIn())
{
return RedirectToAction("CertificateLogin");
}
if (account.RequiresPasswordReset)
{
// this might mean many things --
// it might just mean that the user should change the password,
// like the expired password below, so we'd just redirect to change password page
// or, it might mean the DB was compromised, so we want to force the user
// to reset their password but via a email token, so we'd want to
// let the user know this and invoke ResetPassword and not log them in
// until the password has been changed
//userAccountService.ResetPassword(account.ID);
// so what you do here depends on your app and how you want to define the semantics
// of the RequiresPasswordReset property
}
if (userAccountService.IsPasswordExpired(account))
{
return RedirectToAction("Index", "ChangePassword");
}
if (Url.IsLocalUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("", "Invalid Username or Password");
}
}
return View(model);
}