private async Task HandleLoginFailure(LoginViewModel model)
{
Logger.Trace("Login failed: user {0}", model.Email);
ModelState.AddModelError("", await GenerateTryLoginWithFederationProviderErrorMessage(model.Email));
SignOut();
}
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
SignInStatus result;
try
{
result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false);
}
catch (NotRegisteredForServiceException)
{
HandleUserNotRegisteredForService(model.Email);
return View();
}
catch (FormatException)
{
// Legacy passwords are not valid Base-64 strings
result = SignInStatus.Failure;
// Try to authenticate the user using a legacy login service
var user = await _userStore.FindByEmailAsync(model.Email);
if (!string.IsNullOrWhiteSpace(user?.PasswordHash) && user.PasswordHash.StartsWith(LegacyPasswordPrefix) && !string.IsNullOrWhiteSpace(model.Email))
{
if (LegacyPasswordService != null && await LegacyPasswordService.CheckPasswordAsync(user, model.Password))
{
// set the password
using (var tx = new TransactionScope())
{
_userManager.RemovePassword(user.Id);
_userManager.AddPassword(user.Id, model.Password);
var updatedUser = await _userStore.FindByIdAsync(user.Id);
if (string.IsNullOrEmpty(updatedUser.PasswordHash))
{
throw new Exception("Unable to set password of user " + user.Id);
}
tx.Complete();
}
// and login
try
{
result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, false);
}
catch (NotRegisteredForServiceException)
{
HandleUserNotRegisteredForService(model.Email);
return View();
}
catch (AppNotAllowedException)
{
return await SelectAppOrRedirect(model.Email);
}
// or force a password reset
//return await RequestPasswordReset(new ForgotPasswordViewModel { Email = user.Email});
}
}
else
{
// Not a legacy password, so rethrow
throw;
}
}
catch (AppNotAllowedException)
{
return await SelectAppOrRedirect(model.Email);
}
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
Logger.Trace("Login failed: user {0} is locked out", model.Email);
return View("Lockout");
case SignInStatus.RequiresVerification:
Logger.Trace("Login failed: user {0} is unverified", model.Email);
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
await HandleLoginFailure(model);
return View(model);
}
}
