public async Task <IActionResult> Index([FromForm] string volunteer, [FromForm] string returnUrl) { if (ModelState.IsValid) { // validate username/password against in-memory store if (await volunteerService.ValidateCredentials(volunteer, string.Empty, string.Empty)) { var user = await volunteerService.GetUserToVerify(volunteer, string.Empty); await events.RaiseAsync(new UserLoginSuccessEvent(user.FullName, user.Id, user.FullName)); // issue authentication cookie with subject ID and username await HttpContext.SignInAsync(new IdentityServer4.IdentityServerUser(user.Id) { DisplayName = user.FullName }); // make sure the returnUrl is still valid, and if so redirect back to authorize endpoint or a local page if (interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl)) { return(Redirect(returnUrl)); } return(Redirect("~/")); } await events.RaiseAsync(new UserLoginFailureEvent(volunteer, "invalid credentials")); ModelState.AddModelError("", "Invalid username or password"); } // something went wrong, show form with error return(await Index(returnUrl)); }