/// <summary>
/// Handles a posted login form: authenticates the supplied username or e-mail and
/// password, signs the account in, and chooses where to send the browser next.
/// </summary>
/// <param name="model">Posted login form (username, password, return URL).</param>
/// <returns>
/// A redirect to the change-password page, to the local return URL, or to the home page
/// on success; otherwise the login view with the model and any validation errors.
/// </returns>
public ActionResult Index(LoginInputModel model)
{
    // Model binding/validation failed: show the form again without touching the account store.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    BrockAllen.MembershipReboot.UserAccount user;
    bool authenticated = userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out user);
    if (!authenticated)
    {
        // A single message covers every authentication failure, so the page does not
        // tell the caller whether the username or the password was the wrong part.
        ModelState.AddModelError("", "Invalid Username or Password");
        return View(model);
    }

    // NOTE(review): the account is signed in before the expiry check below; confirm that
    // a session for an expired password is acceptable for this application.
    authSvc.SignIn(user);

    if (userAccountService.IsPasswordExpired(user))
    {
        return RedirectToAction("Index", "ChangePassword");
    }

    // ReturnUrl is posted by the client; it is followed only when it is local to this
    // site, which keeps the login page from being used as an open redirect.
    if (Url.IsLocalUrl(model.ReturnUrl))
    {
        return Redirect(model.ReturnUrl);
    }

    return RedirectToAction("Index", "Home");
}
/// <summary>
/// Validates a user's local credentials by attempting to authenticate them in the tenant
/// named by the IDS3 sign-in <paramref name="message" />.
/// </summary>
/// <param name="username">User's username or email.</param>
/// <param name="password">User's password.</param>
/// <param name="message">
/// Message built by IDS3 that contains context information such as client and tenant.
/// It is dereferenced without a null check.
/// </param>
/// <param name="account">If credentials are valid, returns the user's account.</param>
/// <returns><c>true</c> if the user's credentials are valid for their tenant; otherwise <c>false</c>.</returns>
protected virtual bool ValidateLocalCredentials(string username, string password, SignInMessage message, out HierarchicalUserAccount account)
{
    // A missing or blank tenant on the message falls back to the configured default tenant.
    // NOTE(review): the tenant value comes from the sign-in message as-is; confirm that the
    // caller cannot steer authentication to a tenant it should not be able to select.
    string tenant = message.Tenant;
    if (string.IsNullOrWhiteSpace(tenant))
    {
        tenant = userAccountService.Configuration.DefaultTenant;
    }

    return userAccountService.AuthenticateWithUsernameOrEmail(tenant, username, password, out account);
}
/// <summary>
/// Handles a posted login form: authenticates the supplied username or e-mail and
/// password, signs the account in, then redirects to the second-factor step, the
/// change-password page, the local return URL, or the account home page.
/// </summary>
/// <param name="model">Posted login form (username, password, remember-me flag, return URL).</param>
/// <returns>A redirect on successful authentication; otherwise the login view with the model.</returns>
public ActionResult Index(LoginInputModel model)
{
    // Model binding/validation failed: show the form again.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    BrockAllen.MembershipReboot.UserAccount user;
    bool authenticated = userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out user);
    if (!authenticated)
    {
        // A single message covers every authentication failure, so the page does not
        // tell the caller whether the username or the password was the wrong part.
        ModelState.AddModelError("", "Invalid Username or Password");
        return View(model);
    }

    // NOTE(review): SignIn runs before the two-factor checks below. Confirm that
    // authSvc.SignIn issues only a limited (partial) sign-in while a second factor is
    // still pending, so a password alone does not yield a full session.
    authSvc.SignIn(user, model.RememberMe);

    if (user.RequiresTwoFactorAuthCodeToSignIn())
    {
        return RedirectToAction("TwoFactorAuthCodeLogin");
    }

    if (user.RequiresTwoFactorCertificateToSignIn())
    {
        return RedirectToAction("CertificateLogin");
    }

    if (user.RequiresPasswordReset)
    {
        // Intentionally empty in this sample; execution falls through to the checks below.
        //
        // The flag can mean different things:
        //  - the user should simply change the password (like the expired-password case
        //    below), in which case redirecting to the change-password page is enough; or
        //  - the DB was compromised and the user must reset the password via an e-mail
        //    token, in which case tell the user, invoke ResetPassword, and do not log
        //    them in until the password has been changed:
        //userAccountService.ResetPassword(account.ID);
        //
        // What belongs here depends on the app and on how it defines the semantics of
        // the RequiresPasswordReset property.
    }

    if (userAccountService.IsPasswordExpired(user))
    {
        return RedirectToAction("Index", "ChangePassword");
    }

    // ReturnUrl is posted by the client; it is followed only when it is local to this
    // site, which keeps the login page from being used as an open redirect.
    if (Url.IsLocalUrl(model.ReturnUrl))
    {
        return Redirect(model.ReturnUrl);
    }

    return RedirectToAction("Index", "AccountHome");
}
/// <summary>
/// Verifies that an account created with a username, password and e-mail address can be
/// authenticated with the same password using either the username or the e-mail address.
/// </summary>
public void AuthenticateWithUsernameOrEmail_ValidCredentials_ReturnsTrue()
{
    // Arrange: account verification is switched off, presumably so the newly created
    // account can authenticate without a verification step.
    // The e-mail literal appears masked on this page; the same value is used for
    // account creation and for the second login below.
    securitySettings.RequireAccountVerification = false;
    subject.CreateAccount("test", "pass", "*****@*****.**");

    UserAccount authenticatedAccount;

    // Act + assert: login by username.
    bool byUsername = subject.AuthenticateWithUsernameOrEmail("test", "pass", out authenticatedAccount);
    Assert.IsTrue(byUsername);

    // Act + assert: login by e-mail address.
    bool byEmail = subject.AuthenticateWithUsernameOrEmail("*****@*****.**", "pass", out authenticatedAccount);
    Assert.IsTrue(byEmail);
}
/// <summary>
/// Handles a posted login form: authenticates the supplied username or e-mail and
/// password, signs the account in, then redirects to the change-password page, the
/// local return URL, or this controller's Index action.
/// </summary>
/// <param name="model">Posted login form (username, password, remember-me flag, return URL).</param>
/// <returns>A redirect on successful authentication; otherwise the login view with the model.</returns>
public ActionResult Login(LoginInputModel model)
{
    // Model binding/validation failed: show the form again.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    HierarchicalUserAccount user;
    bool authenticated = _userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out user);
    if (!authenticated)
    {
        // A single message covers every authentication failure, so the page does not
        // tell the caller whether the username or the password was the wrong part.
        ModelState.AddModelError("", "Invalid Username or Password");
        return View(model);
    }

    _authService.SignIn(user, model.RememberMe);

    // NOTE(review): the two-factor redirects are disabled here. Confirm that accounts
    // configured for a second factor are either not expected in this application or are
    // handled elsewhere, since this action sends them on without that step.
    //if (account.RequiresTwoFactorAuthCodeToSignIn())
    //{
    //    return RedirectToAction("TwoFactorAuthCodeLogin");
    //}
    //if (account.RequiresTwoFactorCertificateToSignIn())
    //{
    //    return RedirectToAction("CertificateLogin");
    //}

    if (_userAccountService.IsPasswordExpired(user))
    {
        return RedirectToAction("Index", "ChangePassword");
    }

    // ReturnUrl is posted by the client; it is followed only when it is local to this
    // site, which keeps the login page from being used as an open redirect.
    if (Url.IsLocalUrl(model.ReturnUrl))
    {
        return Redirect(model.ReturnUrl);
    }

    return RedirectToAction("Index");
}