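/// <summary>
/// Handles a posted login form: signs the user in with the supplied credentials and, on success,
/// redirects to <paramref name="returnUrl"/> (local URLs only) or to the home index action.
/// </summary>
/// <param name="loginUserViewModel">Posted username and password.</param>
/// <param name="returnUrl">Optional post-login destination; only local URLs are honored.</param>
/// <returns>The login view again (with an error in TempData) on failure, otherwise a redirect.</returns>
public async Task<IActionResult> Login(LoginUserViewModel loginUserViewModel, string returnUrl)
{
    SignInResultDTO signInResultDTO = await this.usersService.PasswordSignInAsync(loginUserViewModel.Username, loginUserViewModel.Password);

    if (signInResultDTO.IsNotAllowed)
    {
        User userDb = await this.usersService.FindByUsername(loginUserViewModel.Username);

        // Reveal the "unconfirmed email" state only when the caller also knows the correct password;
        // otherwise fall through to the generic failure message so the response does not disclose
        // whether the account exists. The null guard covers a lookup that returns nothing (the
        // account may have been removed between the two calls) instead of throwing.
        if (userDb != null
            && !userDb.EmailConfirmed
            && await this.usersService.CheckPasswordAsync(userDb, loginUserViewModel.Password))
        {
            TempData["ErrorMessage"] = "Not confirmed email! Please confirm it";
            return View(loginUserViewModel);
        }
    }

    if (!signInResultDTO.IsSucceed)
    {
        // One message for unknown user, wrong password and the cases above: no account enumeration.
        TempData["ErrorMessage"] = "Wrong username or password";
        return View(loginUserViewModel);
    }

    TempData["SuccessMessage"] = $"Welcome {loginUserViewModel.Username}";

    if (!string.IsNullOrWhiteSpace(returnUrl))
    {
        // LocalRedirect rejects absolute/external URLs, which closes the open-redirect hole
        // a plain Redirect(returnUrl) would leave.
        return LocalRedirect(returnUrl);
    }

    return base.RedirectToIndexActionInHomeController();
}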
/// <summary>
/// Attempts a cookie sign-in for <paramref name="username"/> with <paramref name="password"/>
/// and maps the Identity result onto the service-level <see cref="SignInResultDTO"/>.
/// </summary>
/// <param name="username">Account name as entered by the user.</param>
/// <param name="password">Plain-text password to verify.</param>
/// <returns>A DTO whose <c>IsSucceed</c> and <c>IsNotAllowed</c> mirror the Identity result.</returns>
public async Task<SignInResultDTO> PasswordSignInAsync(string username, string password)
{
    // NOTE(review): isPersistent is hard-coded to true (long-lived cookie) and lockoutOnFailure
    // to false, so repeated wrong passwords never count toward Identity's lockout policy — confirm
    // this is intended. IsLockedOut is not surfaced on the DTO either, so callers cannot tell a
    // locked account from a wrong password.
    SignInResult identityResult = await this.signInManager.PasswordSignInAsync(
        username,
        password,
        isPersistent: true,
        lockoutOnFailure: false);

    return new SignInResultDTO
    {
        IsSucceed = identityResult.Succeeded,
        IsNotAllowed = identityResult.IsNotAllowed,
    };
}