public async Task <IActionResult> OnPostAsync(string returnUrl = null) { returnUrl = returnUrl ?? Url.Content("~/"); if (ModelState.IsValid) { // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, set lockoutOnFailure: true ChipsUser user = await _userManager.FindByNameAsync(Input.UserName); // if user exists but not active, display error if (user != null && !user.Active) { ModelState.AddModelError(string.Empty, "This account is not enabled. Contact an administrator for help."); return(Page()); } var result = await _signInManager.PasswordSignInAsync(Input.UserName, Input.Password, Input.RememberMe, lockoutOnFailure : true); // if password correct and all other requirements fulfilled, redirect to home if (result.Succeeded) { _logger.LogInformation("User logged in."); return(RedirectToAction("Index", "Home")); } // if user has two-factor authentication set up, redirect to page if (result.RequiresTwoFactor) { return(RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe })); } // if user is locked out, log and redirect if (result.IsLockedOut) { _logger.LogWarning("User attempted login with locked account."); return(RedirectToPage("./Lockout")); } // if all else fails, username or password are invalid ModelState.AddModelError(string.Empty, "Invalid login attempt."); return(Page()); } // Model state invalid return(Page()); }
public async Task <IActionResult> OnPostAsync(string returnUrl = null) { returnUrl = returnUrl ?? Url.Content("~/"); if (ModelState.IsValid) { var user = new ChipsUser { UserName = Input.UserName, Email = Input.Email, FirstName = Input.FirstName, LastName = Input.LastName, PhoneNumber = Input.Phone, Active = true }; var result = await _userManager.CreateAsync(user, Input.Password); if (result.Succeeded) { await _userManager.AddToRoleAsync(user, UserRoles.Technician.ToString()); _logger.LogInformation("User created a new account with password."); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); var callbackUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, values: new { userId = user.Id, code = code }, protocol: Request.Scheme); await _emailSender.SendEmailAsync(Input.Email, "Confirm your email", $"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>."); await _signInManager.SignInAsync(user, isPersistent : false); return(LocalRedirect(returnUrl)); } foreach (var error in result.Errors) { ModelState.AddModelError(string.Empty, error.Description); } } // If we got this far, something failed, redisplay form return(Page()); }
public static void SeedUsers(UserManager <ChipsUser> userManager) { if (userManager.FindByEmailAsync("*****@*****.**").Result == null) { ChipsUser user = new ChipsUser { FirstName = "CHIPS", LastName = "Admin", Active = true, UserName = "******", NormalizedUserName = "******", Email = "*****@*****.**", NormalizedEmail = "*****@*****.**", LockoutEnabled = false, }; // initial password string password = "******"; // password must be 6-100 chars and have at least one uppercase, one digit, // and one non-alphanumeric character. // TODO add requirement to change password on first sign-in? IdentityResult result = userManager.CreateAsync(user, password).Result; if (result.Succeeded) { userManager.AddToRoleAsync(user, "Administrator").Wait(); } else { throw new FormatException("Initial admin password format invalid."); // TODO error handling to pass along failed initial admin pw requirements } } }