Esempio n. 1
        /// <summary>
        /// Attempts a password sign-in with the credentials carried by <paramref name="model"/>.
        /// </summary>
        /// <param name="model">View model supplying UserName, Password and RememberMe.</param>
        /// <param name="returnUrl">Where to send the user after a successful sign-in; may be null.</param>
        /// <returns>
        /// The result of RedirectToLocal(returnUrl) on success; otherwise the sign-in view
        /// re-rendered with <paramref name="model"/>.
        /// </returns>
        public async Task<IActionResult> Signin(SigninViewModel model, string returnUrl = null)
        {
            // Expose the requested return URL to the view.
            ViewData["ReturnUrl"] = returnUrl;

            // Invalid model state: re-render the form without touching the sign-in manager.
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            try
            {
                // NOTE(review): the last argument is false. If _signInManager is ASP.NET Core Identity's
                // SignInManager, that argument is lockoutOnFailure, so failed attempts here would not
                // count toward account lockout - confirm this is intended.
                var signInResult = await _signInManager.PasswordSignInAsync(
                    model.UserName,
                    model.Password,
                    model.RememberMe,
                    false);

                if (!signInResult.Succeeded)
                {
                    // One message for every failure reason, so the response does not reveal
                    // whether the user name or the password was the wrong part.
                    TempData["ErrorMessage"] = "The username and/or password are incorrect!";

                    return View(model);
                }

                // NOTE(review): RedirectToLocal is defined outside this block; presumably it rejects
                // non-local URLs - verify, since returnUrl is caller-supplied.
                return RedirectToLocal(returnUrl);
            }
            catch (Exception)
            {
                // NOTE(review): the exception is discarded without being logged, so sign-in failures
                // caused by infrastructure errors leave no trace from this method.
                TempData["ErrorMessage"] = "Something bad happened while logging in...";

                return View(model);
            }
        }
Esempio n. 2
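        /// <summary>
        /// Verifies the reCAPTCHA token, then attempts a password sign-in with the credentials
        /// carried by <paramref name="model"/>.
        /// </summary>
        /// <param name="model">View model supplying Token, UserName, Password and RememberMe.</param>
        /// <param name="returnUrl">Caller-supplied URL to return to after a successful sign-in.</param>
        /// <returns>
        /// A local redirect to <paramref name="returnUrl"/> when it is a non-empty local URL, a
        /// redirect to the "Index" action of "home" for any other successful sign-in, and the
        /// login view with a model error otherwise.
        /// </returns>
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl)
        {
            // Google reCAPTCHA verification runs before model validation and before any
            // credential check, so a failed challenge never reaches the sign-in manager.
            var googleRecaptcha = await _recaptchaService.ReceiveVerificationAsync(model.Token);

            if (!googleRecaptcha.Success)
            {
                ModelState.AddModelError(string.Empty, "Invalid Login Attempt");

                // This path returns the view without the model, unlike the paths below.
                return View();
            }

            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // NOTE(review): the last argument is false. If signInManager is ASP.NET Core Identity's
            // SignInManager, that argument is lockoutOnFailure, so failed attempts here would not
            // count toward account lockout - confirm this is intended.
            var result = await signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, false);

            if (result.Succeeded)
            {
                // LocalRedirect refuses non-local URLs by throwing when the result executes, which
                // blocks an open redirect but turns a tampered returnUrl into a server error right
                // after a successful sign-in. Checking IsLocalUrl first keeps the protection and
                // sends such requests to the home page instead.
                if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
                {
                    return LocalRedirect(returnUrl);
                }

                return RedirectToAction("Index", "home");
            }

            if (result.IsNotAllowed)
            {
                ModelState.AddModelError(string.Empty, _notAllowedLoginMessage);
                return View(model);
            }

            // Every other failure reason gets the same generic message.
            ModelState.AddModelError(string.Empty, _invalidLoginMessage);
            return View(model);
        }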