public ActionResult Login(LoginViewModel model, string returnUrl) { if (!ModelState.IsValid) { return(View("Index", model)); } IAuthenticationManager authenticationManager = HttpContext.GetOwinContext().Authentication; var authService = new AdAuthenticationService(authenticationManager); var targetUser = authService.GetUser(model.Username); if (targetUser != null && targetUser.GetGroups().All(g => g.Name != "VPN Customer")) { Firewall.BlockIPInFirewall(Request.UserHostAddress); throw new UnauthorizedAccessException($"User {model.Username} doesn't belong to group VPN Customers."); } var authenticationResult = authService.SignIn(model.Username, model.Password); if (authenticationResult.IsSuccess) { if (string.IsNullOrEmpty(returnUrl)) { return(RedirectToAction("Index", "Account")); } else { return(RedirectToLocal(returnUrl)); } } ModelState.AddModelError(string.Empty, authenticationResult.ErrorMessage); return(View("Index", model)); }