public LoginViewModel(LoginInputModel other) { Username = other.Username; Password = other.Password; RememberLogin = other.RememberLogin; SignInId = other.SignInId; }
public LoginViewModel Execute(LoginInputModel inputModel) { var party = new OpenIdRelyingParty(); var response = party.GetResponse(); var viewModel = new LoginViewModel(); if (response != null && response.Status == AuthenticationStatus.Authenticated) { _authenticationContext.ThisUserHasBeenAuthenticated(response.ClaimedIdentifier, false); viewModel.LoginSuccessful = true; } return viewModel; }
public ActionResult Save(LoginInputModel loginInputModel) { var loginToUpdate = new Login(); loginToUpdate.CreatedDateTime = loginInputModel.CreatedDateTime; loginToUpdate.CreatedBy = loginInputModel.CreatedBy; loginToUpdate.Password = loginInputModel.Password; loginToUpdate.IsAdmin = loginInputModel.IsAdmin; loginToUpdate.Id = loginInputModel.Id; loginToUpdate.Email = new Email { Address = (string)Session["email"] }; var mapper = new AutoDataContractMapper(); var loginData = new LoginData(); mapper.Map(loginToUpdate, loginData); var data = HttpHelper.Put(string.Format(serviceBaseUri + "/Login/{0}", loginInputModel.Id), loginData); var savedLogin = new Login(); mapper.Map(data, savedLogin); return PartialView(GetUser()); }
public void Invoke() { innerBehavior.Invoke(); var loginResult = request.Get<LoginResultModel>(); if(loginResult.Success) { string url = registry.UrlFor<AdminInputModel>(); writer.RedirectToUrl(url); } else { var inputModel = new LoginInputModel(); request.SetObject(inputModel); IActionBehavior partial = factory.BuildPartial(inputModel.GetType()); partial.InvokePartial(); } }
public ActionResult Login(LoginInputModel model) { if (ModelState.IsValid) { if (WebSecurity.IsAccountLockedOut(model.Name, 6, 3600)) { ModelState.AddModelError("Password", "Вы пытались ввести пароль слишком много раз. Вам придеться подождать час, прежде чем попытаться войти снова."); } if (WebSecurity.Login(model.Name, model.Password, true)) { return RedirectToAction("Index", "Home"); } else { ModelState.AddModelError(string.Empty, "Вы ввели неправильный логин или пароль!"); } } return View(model); }
public override async Task OnGetAsync() { LoginInput = new LoginInputModel(); var context = await Interaction.GetAuthorizationContextAsync(ReturnUrl); if (context != null) { LoginInput.UserNameOrEmailAddress = context.LoginHint; //TODO: Reference AspNetCore MultiTenancy module and use options to get the tenant key! var tenant = context.Parameters[TenantResolverConsts.DefaultTenantKey]; if (!string.IsNullOrEmpty(tenant)) { CurrentTenant.Change(Guid.Parse(tenant)); Response.Cookies.Append(TenantResolverConsts.DefaultTenantKey, tenant); } } if (context?.IdP != null) { LoginInput.UserNameOrEmailAddress = context.LoginHint; ExternalProviders = new[] { new ExternalProviderModel { AuthenticationScheme = context.IdP } }; return; } var schemes = await _schemeProvider.GetAllSchemesAsync(); var providers = schemes .Where(x => x.DisplayName != null || x.Name.Equals(_accountOptions.WindowsAuthenticationSchemeName, StringComparison.OrdinalIgnoreCase)) .Select(x => new ExternalProviderModel { DisplayName = x.DisplayName, AuthenticationScheme = x.Name }) .ToList(); EnableLocalLogin = true; //TODO: We can get default from a setting? if (context?.ClientId != null) { var client = await ClientStore.FindEnabledClientByIdAsync(context.ClientId); if (client != null) { EnableLocalLogin = client.EnableLocalLogin; if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any()) { providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList(); } } } ExternalProviders = providers.ToArray(); if (IsExternalLoginOnly) { //return await ExternalLogin(vm.ExternalLoginScheme, returnUrl); throw new NotImplementedException(); } }
public async Task <ActionResult <LoginResultModel> > CreateToken([FromBody] LoginInputModel model) { var user = await _context.Users .FirstOrDefaultAsync(u => u.UserName == model.Username); bool isCredentialsValid = await _userManager.CheckPasswordAsync(user, model.Password); if (isCredentialsValid) { var result = new LoginResultModel(); var roles = await _userManager.GetRolesAsync(user); var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), new Claim(ClaimTypes.Email, model.Username) }; var accessTokenClaims = new List <Claim>(claims) { new Claim("type", "login") }; var refreshTokenClaims = new List <Claim>(claims) { new Claim("type", "refresh") }; foreach (var role in roles) { claims.Add(new Claim(ClaimTypes.Role, role)); } string secret = _configuration.GetSection("Jwt")["Secret"]; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); string hostUrl = _httpContextAccessor.HttpContext.Request.Host.Value; var accessToken = new JwtSecurityToken( issuer: hostUrl, audience: hostUrl, claims: accessTokenClaims, expires: DateTime.Now.AddDays(1), signingCredentials: credentials ); var refreshToken = new JwtSecurityToken( issuer: hostUrl, audience: hostUrl, claims: refreshTokenClaims, expires: DateTime.Now.AddDays(7), signingCredentials: credentials ); return(new LoginResultModel() { RefreshToken = new JwtSecurityTokenHandler().WriteToken(refreshToken), AccessToken = new JwtSecurityTokenHandler().WriteToken(accessToken), User = new UserOutputModel() { Email = user.Email, UserName = user.UserName, Id = user.Id } }); } return(BadRequest(new { Message = "Could not verify credentials" })); }
public UserDto AuthenticateUser(LoginInputModel login) { return(_userRepository.AuthenticateUser(login)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { var result = await _loginService.Login(model); if (result.Succeeded) { // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect( $"/connect/authorize/callback?client_id=portalAngularClient&redirect_uri={_settings.Value.Urls.PortalRedirect}&response_type=id_token token&scope=openid+email+profile+re_api+ag_api+ao_api+ma_api+am_api+pm_api+co_api+cu_api+pe_api+ad_api&nonce={Guid.NewGuid().ToString().Substring(0, 5)}")); } // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { if (button != "login") { var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (context != null) { await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); return(Redirect(model.ReturnUrl)); } else { return(Redirect("~/")); } } if (ModelState.IsValid) { if (await _customUserStore.ValidateCredentials(new Core.Model.User.UserLoginModel { UserName = model.Username, UserPwd = model.Password })) { var user = await _customUserStore.GetByUserName(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.UserId.ToString(), user.UserName)); AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; await HttpContext.SignInAsync(user.UserId.ToString(), user.UserName, props); return(Redirect(model.ReturnUrl)); #region liyouming 屏蔽 不复核实际要求 //if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) //{ // return Redirect(model.ReturnUrl); //} //return Redirect("~/"); #endregion } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "登录失败")); ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage); } var vm = await _account.BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (ModelState.IsValid) { SqlUserModel sqlUser; _legacySqlLoginAdapter.AddCredentials(model.Username, model.Password); if (await _userManager.FindByNameAsync(model.Username) == null) { if (_legacySqlLoginAdapter.CheckUser()) { sqlUser = _legacySqlLoginAdapter.LoginWithUser(); if (sqlUser != null) { var appUser = new ApplicationUser { Email = sqlUser.Email, UserName = sqlUser.Username, EmailConfirmed = true, NormalizedEmail = sqlUser.Email.ToUpper(), NormalizedUserName = sqlUser.Username.ToUpper() }; var user = await _userManager.CreateAsync(appUser); await _userManager.AddLoginAsync(appUser, new UserLoginInfo("legacySql", "legacySql", "legacySqlProvider")); await _signInManager.SignInAsync(appUser, new AuthenticationProperties(), "legacySql"); await _userManager.AddClaimsAsync(appUser, sqlUser.Claims); await _events.RaiseAsync(new UserLoginSuccessEvent(appUser.UserName, appUser.Id, appUser.UserName, clientId : context?.ClientId)); if (context != null) { if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } throw new Exception("invalid return URL"); } } } var sqlLogin = _legacySqlLoginAdapter.LoginWithUser(); if (sqlLogin != null) { var user = await _userManager.FindByNameAsync(model.Username); await _signInManager.SignInAsync(user, null, "legacySql"); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName, clientId : context?.ClientId)); if (context != null) { if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } throw new Exception("invalid return URL"); } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials", clientId : context?.ClientId)); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } return(Redirect(model.ReturnUrl)); } // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } #if !DEBUG // Google reCAPTCHA var reCaptcha = await _reCaptchaService.ValidateAsync(model.Token); if (!reCaptcha.success) { ModelState.AddModelError("", "There was an error validating reCAPTCHA. Please try again!"); } #endif if (ModelState.IsValid) { var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure : true); if (result.Succeeded) { var user = await _userManager.FindByNameAsync(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName)); if (context != null) { if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } // TODO: Check why login has failed await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Index(LoginInputModel model) { if (ModelState.IsValid) { var cookies = CookieAuthenticationDefaults.AuthenticationScheme; //or var c = OAuthDefaults.DisplayName; var user = _infoDbContext.users.FirstOrDefault(_ => _.Email == model.Email && _.PassWord == Utils.MD5(model.Password)); if (user != null) { AuthenticationProperties props = null; if (model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, //持久化 ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) //过期时间 }; } ; var claims = new List <Claim> { //Subject:颁发者处最终用户的唯一标识符 new Claim(JwtClaimTypes.Subject, user.Id.ToString()), //Id:仅仅是标识符 new Claim(JwtClaimTypes.Id, user.Id.ToString()), new Claim(JwtClaimTypes.Name, user.UserName) }; var claimIdentity = new ClaimsIdentity(claims, cookies); var claimsPrincipal = new ClaimsPrincipal(claimIdentity); await HttpContext.SignInAsync(cookies, claimsPrincipal, props); // var refererUrl = Request.Headers["Referer"].ToString(); var returnUrl = Request.Query["ReturnUrl"].ToString(); returnUrl = string.IsNullOrWhiteSpace(returnUrl) ? "/" : returnUrl; return(Redirect(returnUrl)); } else { //ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); ModelState.AddModelError(string.Empty, "用户名或密码错误!"); } #region in mem //if (model.Email == "*****@*****.**" && model.Password == "123") //{ // AuthenticationProperties props = null; // if (model.RememberLogin) // { // props = new AuthenticationProperties // { // IsPersistent = true, //持久化 // ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) //过期时间 // }; // }; // var claims = new List<Claim> { // //Subject:颁发者处最终用户的唯一标识符 // new Claim(JwtClaimTypes.Subject,"1000"), // //Id:仅仅是标识符 // new Claim(JwtClaimTypes.Id,"1000"), // new Claim(JwtClaimTypes.Name,"nsky") // }; // var claimIdentity = new ClaimsIdentity(claims, cookies); // var claimsPrincipal = new ClaimsPrincipal(claimIdentity); // await HttpContext.SignInAsync(cookies, claimsPrincipal, props); //} #endregion } //模型验证失败,跳转到当前页面,会显示错误信息 return(View()); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await this.interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await this.interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (await this.clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); // The client is native, so this change in how to // return the response is for better UX for the end user. //// return this.LoadingPage("Redirect", model.ReturnUrl); } return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { // validate username/password against Ldap var user = this.userStore.ValidateCredentials(model.Username, model.Password); if (user != default(IAppUser)) { // Raise UserLoginSuccessEvent await this.events.RaiseAsync(new UserLoginSuccessEvent(user.Username, user.SubjectId, user.Username)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { // See https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-3.1#persistent-cookies props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // Response with authentication cookie await this.HttpContext.SignInAsync(user.SubjectId, user.Username, props); if (context != null) { if (await this.clientStore.IsPkceClientAsync(context?.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); // The client is native, so this change in how to // return the response is for better UX for the end user. ////return this.LoadingPage("Redirect", model.ReturnUrl); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // user might have clicked on a malicious link - should be logged throw new Exception("Invalid return URL"); } } else { await this.events.RaiseAsync(new UserLoginFailureEvent(model.Username, "Invalid credentials", clientId : context?.ClientId)); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } } // something went wrong, show form with error var vm = await this.buildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { if (button != "login") { // the user clicked the "cancel" button var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { // validate username/password against in-memory store if (_userRepository.ValidateCredentials(model.Username, model.Password)) { var user = _userRepository.FindByUsername(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.UserName, user.SubjectId)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // issue authentication cookie with subject ID and username await HttpContext.SignInAsync(user.SubjectId, user.UserName, props); // make sure the returnUrl is still valid, and if so redirect back to authorize endpoint or a local page // the IsLocalUrl check is only necessary if you want to support additional local pages, otherwise IsValidReturnUrl is more strict if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect("~/")); } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public LoginViewModel(LoginInputModel other) { Username = other.Username; Password = other.Password; ReturnUrl = other.ReturnUrl; }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure : true); if (result.Succeeded) { var user = await _userManager.FindByNameAsync(model.Username); await HttpContext.SignInAsync(IdentityConstants.ApplicationScheme, await StoreRememberClient(user)); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName)); //if (context != null) //{ // if (await _clientStore.IsPkceClientAsync(context.ClientId)) // { // // if the client is PKCE then we assume it's native, so this change in how to // // return the response is for better UX for the end user. // return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl }); // } // // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null // return Redirect(model.ReturnUrl); //} return(RedirectToAction("PickRole", new { returnUrl = model.ReturnUrl })); } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public ActionResult Login(LoginInputModel model) { return(View(model)); }
public async Task <IActionResult> Login(LoginInputModel model) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (ModelState.IsValid) { AuthenticationProperties props = null; IdentityServerUser isuser = null; UserLoginSuccessEvent successEvent = null; bool isValid = false; string errMsg = null; // 测试用户 var testUser = OAuthConfig.GetTestUsers().Find(t => t.Username == model.Username && t.Password == model.Password); if (testUser != null) { successEvent = new UserLoginSuccessEvent(testUser.Username, testUser.SubjectId, testUser.Username, clientId: context?.Client.ClientId); // issue authentication cookie with subject ID and username isuser = new IdentityServerUser(testUser.SubjectId) { DisplayName = testUser.Username, AdditionalClaims = { new Claim(UserClaimEnum.UserId.ToString(), testUser.SubjectId), new Claim(UserClaimEnum.UserName.ToString(), testUser.Username) } }; isValid = true; } else { //E登账号 var edUser = _edApiService.GetEdUser(model.Username, model.Password, out string msg); errMsg = msg; if (edUser != null) { successEvent = new UserLoginSuccessEvent(edUser.LoginName, edUser.ID.ToString(), edUser.EmployeeName, clientId: context?.Client.ClientId); // issue authentication cookie with subject ID and username isuser = new IdentityServerUser(edUser.ID.ToString()) { DisplayName = edUser.EmployeeName, AdditionalClaims = { new Claim(UserClaimEnum.UserId.ToString(), edUser.ID.ToString()), new Claim(UserClaimEnum.UserName.ToString(), edUser.EmployeeName.ToString()) } }; isValid = true; } } if (isValid) { //身份认证通过 await _events.RaiseAsync(successEvent); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; await HttpContext.SignInAsync(isuser, props); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // user might have clicked on a malicious link - should be logged throw new Exception("无效的返回URL"); } } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "无效的证书", clientId : context?.Client.ClientId)); ModelState.AddModelError(string.Empty, errMsg ?? AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <ApiResponse> Login(LoginInputModel parameters) { return(ModelState.IsValid ? await _accountManager.Login(parameters) : new ApiResponse(Status400BadRequest, L["InvalidData"])); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { _logger.LogInformation("Login. Email: {Email}, Remember login: {RememberLogin}.", model.Email, model.RememberLogin); // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { var user = await _userRepository.GetUserByEmailAsync(model.Email.ToLower()); var isHavePassword = !string.IsNullOrEmpty(user.HashPassword) && !string.IsNullOrEmpty(user.Salt); if (!user.IsEmpty() && isHavePassword) { _logger.LogInformation("Login. Found user by mail: id {Id}, name {Name}, Surname {Surname}, mail {Mail}.", user.Id, user.Name, user.Surname, user.Mail); //Validate found user if (_userService.ValidateCredentials(user, model.Password)) { _logger.LogInformation("Login. Validate Credentials was success. User: id {Id}, name {Name}, " + "Surname {Surname}, mail {Mail}.", user.Id, user.Name, user.Surname, user.Mail); await _events.RaiseAsync(new UserLoginSuccessEvent(user.Name, user.Id.ToString(), user.Name)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // issue authentication cookie with subject ID and username var isuser = new IdentityServerUser(user.Id.ToString()) { DisplayName = user.Name }; await HttpContext.SignInAsync(isuser, props); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } } else { _logger.LogWarning("Login. Validate Credentials was failed. User: id {Id}, name {Name}, " + "Surname {Surname}, mail {Mail}.", user.Id, user.Name, user.Surname, user.Mail); } _logger.LogWarning("Login. User with email {email} not exist.", model.Email.ToLower()); } await _events.RaiseAsync(new UserLoginFailureEvent(model.Email, "invalid credentials", clientId : context?.Client.ClientId)); ModelState.AddModelError(string.Empty, _localizer["Invalid_email_or_password"].Value); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { if (button != "login") { // the user clicked the "cancel" button var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } var returnUrl = model.ReturnUrl; ViewData["ReturnUrl"] = returnUrl; if (ModelState.IsValid) { // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, set lockoutOnFailure: true var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberLogin, lockoutOnFailure : _stsConfig.EnableAccountLockout); if (result.Succeeded) { _logger.LogInformation(1, "User logged in."); var user = await _userManager.FindByNameAsync(model.Email); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName)); // make sure the returnUrl is still valid, and if so redirect back to authorize endpoint or a local page // the IsLocalUrl check is only necessary if you want to support additional local pages, otherwise IsValidReturnUrl is more strict if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect("~/")); } if (result.RequiresTwoFactor) { return(RedirectToAction(nameof(VerifyCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberLogin })); } if (result.IsLockedOut) { _logger.LogWarning(2, "User account locked out."); return(View("Lockout")); } else { ModelState.AddModelError(string.Empty, _sharedLocalizer["INVALID_LOGIN_ATTEMPT"]); return(View(await BuildLoginViewModelAsync(model))); } } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { // validate username/password against in-memory store if (_users.ValidateCredentials(model.Username, model.Password)) { var user = _users.FindByUsername(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.Username, user.SubjectId, user.Username, clientId : context?.Client.ClientId)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // issue authentication cookie with subject ID and username var isuser = new IdentityServerUser(user.SubjectId) { DisplayName = user.Username }; await HttpContext.SignInAsync(isuser, props); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials", clientId : context?.Client.ClientId)); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure : true); if (result.Succeeded) { var user = await _userManager.FindByNameAsync(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName, clientId : context?.Client.ClientId)); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials", clientId : context?.Client.ClientId)); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // 检查我们是否在授权请求的上下文中 var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // 用户点击了“取消”按钮 if (button != "login") { if (context != null) { await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); if (await _clientStore.IsPkceClientAsync(context.ClientId)) { return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } return(Redirect("~/")); } else { return(Redirect("~/")); } } if (ModelState.IsValid) { if (model.UserType == "1") { var user = _repository.Find("select * from Users where Mobile = @mobile and Status = 0", new { mobile = model.Username }); if (user != null) { var encodepassword = Cryptographer.EncodePassword(model.Password, 1, user.Encrypt); if (encodepassword.Equals(user.Password)) { await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.Mobile)); AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } await HttpContext.SignInAsync(user.Id.ToString(), user.Mobile, props); if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect("~/")); } } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "无效用户名或密码")); ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage); } else { var user = _repository.Find("select * from Consultant where Mobile = @mobile and Status = 0", new { mobile = model.Username }); } } return(View()); }
//[ValidateAntiForgeryToken] public async Task <IActionResult> Login(LoginInputModel model, string button, string returnUrl = null) { if (button != "login") { // the user clicked the "cancel" button var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } ViewData["ReturnUrl"] = returnUrl; if (ModelState.IsValid) { // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, set lockoutOnFailure: true var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure : false); if (result.Succeeded) { var user = await _userManager.FindByNameAsync(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // issue authentication cookie with subject ID and username await HttpContext.SignInAsync(user.Id, user.UserName, props); // make sure the returnUrl is still valid, and if so redirect back to authorize endpoint or a local page if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect("~/")); } if (result.RequiresTwoFactor) { return(RedirectToAction(nameof(LoginWith2fa), new { returnUrl, model.RememberLogin })); } if (result.IsLockedOut) { _logger.LogWarning("User account locked out."); return(RedirectToAction(nameof(Lockout))); } else { ModelState.AddModelError(string.Empty, "Invalid login attempt."); //return View(model); } } // something went wrong, show form with error var loginViewModel = await accountService.BuildLoginViewModelAsync(model); return(View(loginViewModel)); }
public async Task <IActionResult> Login(LoginInputModel model) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (ModelState.IsValid) { // validate username/password var user = await _userManager.FindByNameAsync(model.Username); if (user != null && await _userManager.CheckPasswordAsync(user, model.Password)) { await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.FullName)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // issue authentication cookie with subject ID and username await HttpContext.SignInAsync(user.Id, user.UserName, props); if (context != null) { // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = new LoginViewModel { Username = model.Username, RememberLogin = model.RememberLogin }; return(View(vm));; }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // check if we are in the context of an authorization request var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } return(Redirect(model.ReturnUrl)); } // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } if (ModelState.IsValid) { var user = await _userResolver.GetUserAsync(model.Username); if (user != default(TUser)) { var result = await _signInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberLogin, lockoutOnFailure : true); if (result.Succeeded) { await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id.ToString(), user.UserName)); if (context != null) { if (await _clientStore.IsPkceClientAsync(context.ClientId)) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl })); } // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } // request for a local page if (Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } // user might have clicked on a malicious link - should be logged throw new Exception("invalid return URL"); } if (result.RequiresTwoFactor) { return(RedirectToAction(nameof(LoginWith2fa), new { model.ReturnUrl, RememberMe = model.RememberLogin })); } if (result.IsLockedOut) { return(View("Lockout")); } } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage); } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { if (button != "login") { // the user clicked the "cancel" button var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberLogin, lockoutOnFailure : true); if (result.Succeeded) { var user = await _userManager.FindByNameAsync(model.Username); if (user.EmailConfirmed) { await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName)); if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect("~/")); } else { return(Redirect("~/Account/SendConfirmEmail?Email=" + user.UserName)); } } if (result.IsLockedOut) { ModelState.AddModelError("", "登录被锁定,请您5分钟后再登录!"); } if (result.IsNotAllowed) { ModelState.AddModelError("", "登录被锁定,请您5分钟后再登录!"); } await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError("", "账号密码错误!"); } var vm = await BuildLoginViewModelAsync(model); // If we got this far, something failed, redisplay form return(View(vm)); }
public async Task <LoginViewModel> Login([FromBody] LoginInputModel model) { return(await this.AccountService.LogIn(model)); }
public LoginViewModel() { InputModel = new LoginInputModel(); }
public User ReadUserFromLoginInput(LoginInputModel model) { return(_ctx.Users.FirstOrDefault(u => u.Username == model.Username)); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { if (button != "login") { // the user clicked the "cancel" button var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (context != null) { // if the user cancels, send a result back into IdentityServer as if they // denied the consent (even if this client does not require consent). // this will send back an access denied OIDC error response to the client. await _interaction.GrantConsentAsync(context, ConsentResponse.Denied); // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null return(Redirect(model.ReturnUrl)); } else { // since we don't have a valid context, then we just go back to the home page return(Redirect("~/")); } } if (ModelState.IsValid) { UserViewModel userIdentity; if (model.IsUsernameEmail()) { userIdentity = await _userAppService.FindByEmailAsync(model.Username); } else { userIdentity = await _userAppService.FindByNameAsync(model.Username); } if (userIdentity == null) { await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage); } if (userIdentity != null) { var result = await _signInManager.PasswordSignInAsync(userIdentity.UserName, model.Password, model.RememberLogin, lockoutOnFailure : true); if (result.Succeeded) { await _events.RaiseAsync(new UserLoginSuccessEvent(userIdentity.UserName, userIdentity.Id.ToString(), userIdentity.UserName)); // make sure the returnUrl is still valid, and if so redirect back to authorize endpoint or a local page // the IsLocalUrl check is only necessary if you want to support additional local pages, otherwise IsValidReturnUrl is more strict if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } return(Redirect("~/")); } else { await _events.RaiseAsync(new UserLoginFailureEvent(model.Username, "invalid credentials")); ModelState.AddModelError("", AccountOptions.InvalidCredentialsErrorMessage); } } } // something went wrong, show form with error var vm = await BuildLoginViewModelAsync(model); return(View(vm)); }
public MessageToSend post_my_route(LoginInputModel input) { //Send message using routing rules in TransportRegistry return new MessageToSend(); }
public async Task Login_GivenUnsuccesfulLogin_ViewResultReturned() { using var accountController = new AccountController(fakeUserManager, fakeSignInManager, mockIdentityServerInteractionService, mockClientStore, mockAuthenticationSchemeProvider, mockEventService, urlTestEncoder, mockConfiguration); var urlHelper = Substitute.For <IUrlHelper>(); urlHelper.IsLocalUrl(Arg.Any <string>()).Returns(false); accountController.Url = urlHelper; var inputModel = new LoginInputModel() { Username = "******", Password = "******", RememberLogin = false, ReturnUrl = string.Empty }; fakeSignInManager.SetSignInSuccessful(false); fakeUserManager.SetUserModel(userModel); var builder = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true) .AddEnvironmentVariables(); var config = builder.Build(); config.GetSection("TwoFactorAuthentication")["OrganizationEnforced"] = "false"; config.GetSection("TwoFactorAuthentication")["AuthenticatorEnabled"] = "false"; mockConfiguration.GetSection("TwoFactorAuthentication").Returns(config.GetSection("TwoFactorAuthentication")); // Act var actionResult = await accountController.Login(inputModel, "login"); // Assert var viewResult = actionResult as ViewResult; Assert.NotNull(viewResult); var model = viewResult.Model as LoginViewModel; Assert.NotNull(model); Assert.True(accountController.ModelState.ErrorCount > 0, $"Modelstate must have errors."); bool errorFound = false; foreach (var modelState in accountController.ModelState.Values) { foreach (var error in modelState.Errors) { if (error.ErrorMessage == AccountOptions.InvalidCredentialsErrorMessage) { errorFound = true; } } } Assert.True(errorFound, $"Account locked out should return error message '{AccountOptions.InvalidCredentialsErrorMessage}'."); }
public async Task <IActionResult> Login(LoginInputModel model, string button) { // Check if we are in the context of an authorization request. var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // The user clicked the 'cancel' button. if (button != "login") { if (context != null) { // If the user cancels, send a result back into IdentityServer as if they denied the consent (even if this client does not require consent). // This will send back an access denied OIDC error response to the client. await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied); // We can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null. if (context.IsNativeClient()) { // The client is native, so this change in how to return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } return(Redirect(model.ReturnUrl)); } else { // Since we don't have a valid context, then we just go back to the home page. return(Redirect("~/")); } } if (ModelState.IsValid) { // Validate username/password against database. var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, AccountOptions.AllowRememberLogin&& model.RememberLogin, lockoutOnFailure : true); User user = null; if (result.Succeeded) { user = await _userManager.FindByNameAsync(model.UserName); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName)); _logger.LogInformation("User '{UserName}' and email {Email} was successfully logged in.", user.UserName, user.Email); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to return the response is for better UX for the end user. return(this.LoadingPage("Redirect", model.ReturnUrl)); } // We can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null. return(Redirect(model.ReturnUrl)); } // Request for a local page. if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(Redirect(model.ReturnUrl)); } else if (string.IsNullOrEmpty(model.ReturnUrl)) { return(Redirect("~/")); } else { // User might have clicked on a malicious link - should be logged. _logger.LogError("User '{UserName}' might have clicked a malicious link during login: {ReturnUrl}.", UserName, model.ReturnUrl); throw new Exception("Invalid return URL."); } } if (result.IsLockedOut) { _logger.LogWarning("User '{UserName}' was locked out after {WrongLoginsNumber} unsuccessful login attempts.", UserName, user?.AccessFailedCount); await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "User locked out.")); ModelState.AddModelError(string.Empty, "Your account is temporarily locked. Please contact system administrator."); } else { _logger.LogWarning("User '{UserName}' entered invalid credentials during login.", UserName); await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "Invalid credentials.")); ModelState.AddModelError(string.Empty, "Please check your credentials."); } } // Something went wrong, show form with error. var viewModel = await _accountService.BuildLoginViewModelAsync(model); return(View(viewModel)); }
public LoginViewModel Execute( LoginInputModel inputModel ) { return new LoginViewModel(); }