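/// <summary>
/// Handles a login form post: validates the model, signs the user in through
/// <c>usersService</c>, and redirects to <paramref name="returnUrl"/> (local URLs only)
/// or to the Home index.
/// </summary>
/// <param name="loginUserViewModel">Submitted username/password (untrusted input).</param>
/// <param name="returnUrl">Optional post-login destination; must be a local URL.</param>
/// <returns>The login view on failure, a redirect on success.</returns>
/// <remarks>
/// NOTE(review): the action's attributes are not visible here — confirm it carries
/// <c>[HttpPost]</c> and <c>[ValidateAntiForgeryToken]</c>.
/// </remarks>
public async Task <IActionResult> Login(LoginUserViewModel loginUserViewModel, string returnUrl)
        {
            // Reject input that fails the view model's validation (e.g. missing fields)
            // before touching the identity store; the view re-renders with the errors.
            if (!ModelState.IsValid)
            {
                return(View(loginUserViewModel));
            }

            SignInResultDTO signInResultDTO = await this.usersService.PasswordSignInAsync(loginUserViewModel.Username, loginUserViewModel.Password);

            if (signInResultDTO.IsNotAllowed)
            {
                User userDb = await this.usersService.FindByUsername(loginUserViewModel.Username);

                // Reveal the "email not confirmed" state only when the caller has proven
                // knowledge of the password; otherwise this message would let an attacker
                // enumerate registered usernames. A null lookup result (user removed between
                // the two calls, or a lookup mismatch) falls through to the generic failure
                // below instead of throwing a NullReferenceException.
                if (userDb != null
                    && !userDb.EmailConfirmed
                    && await this.usersService.CheckPasswordAsync(userDb, loginUserViewModel.Password))
                {
                    TempData["ErrorMessage"] = "Not confirmed email! Please confirm it";
                    return(View(loginUserViewModel));
                }
            }

            // One generic message for every remaining failure mode so the response does not
            // distinguish "no such user" from "wrong password". Note that the DTO only exposes
            // Succeeded/IsNotAllowed, so a locked-out or 2FA-required result also lands here.
            if (!signInResultDTO.IsSucceed)
            {
                TempData["ErrorMessage"] = "Wrong username or password";
                return(View(loginUserViewModel));
            }

            TempData["SuccessMessage"] = $"Welcome {loginUserViewModel.Username}";

            // LocalRedirect throws on non-local URLs, so a tampered returnUrl cannot bounce
            // the user to an attacker-controlled site (open redirect).
            if (!string.IsNullOrWhiteSpace(returnUrl))
            {
                return(LocalRedirect(returnUrl));
            }

            return(base.RedirectToIndexActionInHomeController());
        }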
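        /// <summary>
        /// Attempts a password sign-in through ASP.NET Core Identity and projects the
        /// outcome into a <see cref="SignInResultDTO"/>.
        /// </summary>
        /// <param name="username">Username as typed by the caller (untrusted input).</param>
        /// <param name="password">Password as typed by the caller (untrusted input).</param>
        /// <returns>
        /// A DTO carrying only <c>IsSucceed</c> and <c>IsNotAllowed</c>. A locked-out or
        /// two-factor-required result maps to neither flag, so callers see it as a plain
        /// failure — NOTE(review): confirm that is acceptable, or extend the DTO.
        /// </returns>
        public async Task <SignInResultDTO> PasswordSignInAsync(string username, string password)
        {
            // lockoutOnFailure: true makes each wrong password count towards Identity's
            // account lockout (MaxFailedAccessAttempts / DefaultLockoutTimeSpan in
            // IdentityOptions.Lockout). The previous value (false) left this public login
            // path with no brute-force throttling at all. Lockout is time-boxed by Identity,
            // which bounds the denial-of-service an attacker can cause by failing on purpose.
            // isPersistent: true keeps the original "remember me always on" behaviour.
            SignInResult signInResult = await this.signInManager.PasswordSignInAsync(
                username,
                password,
                isPersistent: true,
                lockoutOnFailure: true);

            return new SignInResultDTO
            {
                IsSucceed    = signInResult.Succeeded,
                IsNotAllowed = signInResult.IsNotAllowed
            };
        }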