private async Task <LoginResultModel> LoginInternal(AuthorizationRequest context, LoginInputModel model) { var resultmodel = new LoginResultModel(); resultmodel.ReturnUrl = model.ReturnUrl; if (await _localUserService.ValidateCredentialsAsync(model.Username, model.Password)) { var user = await _localUserService.GetUserByUserNameOrEmailAsync(model.Username); await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Subject, user.UserName, clientId : context?.Client.ClientId)); // only set explicit expiration here if user chooses "remember me". // otherwise we rely upon expiration configured in cookie middleware. AuthenticationProperties props = null; if (AccountOptions.AllowRememberLogin && model.RememberLogin) { props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration) }; } ; // issue authentication cookie with subject ID and username var isuser = new IdentityServerUser(user.Subject) { DisplayName = user.UserName }; await HttpContext.SignInAsync(isuser, props); if (_interaction.IsValidReturnUrl(model.ReturnUrl) || Url.IsLocalUrl(model.ReturnUrl)) { return(resultmodel.WithStatus(Status.Ok)); } resultmodel.ReturnUrl = "/"; return(resultmodel.WithStatus(Status.Ok)); } return(resultmodel.WithStatus(Status.Error).WithError("Invalid login attempt.")); }