public async Task <IActionResult> HandleLogin([Bind(Prefix = "loginModel")] LoginModel model)
{
if (ModelState.IsValid == false)
{
return(CurrentUmbracoPage());
}
MergeRouteValuesToModel(model);
// Sign the user in with username/password, this also gives a chance for developers to
// custom verify the credentials and auto-link user accounts with a custom IBackOfficePasswordChecker
SignInResult result = await _signInManager.PasswordSignInAsync(
model.Username, model.Password, isPersistent : model.RememberMe, lockoutOnFailure : true);
if (result.Succeeded)
{
TempData["LoginSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
// Validate the redirect URL.
// If it's not a local URL we'll redirect to the root of the current site.
return(Redirect(Url.IsLocalUrl(model.RedirectUrl)
? model.RedirectUrl
: CurrentPage.AncestorOrSelf(1).Url(PublishedUrlProvider)));
}
// Redirect to current URL by default.
// This is different from the current 'page' because when using Public Access the current page
// will be the login page, but the URL will be on the requested page so that's where we need
// to redirect too.
return(RedirectToCurrentUmbracoUrl());
}
if (result.RequiresTwoFactor)
{
throw new NotImplementedException("Two factor support is not supported for Umbraco members yet");
}
// TODO: We can check for these and respond differently if we think it's important
// result.IsLockedOut
// result.IsNotAllowed
// Don't add a field level error, just model level.
ModelState.AddModelError("loginModel", "Invalid username or password");
return(CurrentUmbracoPage());
}
public async Task <IActionResult> HandleLogin([Bind(Prefix = "loginModel")] LoginModel model)
{
if (ModelState.IsValid == false)
{
return(CurrentUmbracoPage());
}
MergeRouteValuesToModel(model);
// Sign the user in with username/password, this also gives a chance for developers to
// custom verify the credentials and auto-link user accounts with a custom IBackOfficePasswordChecker
SignInResult result = await _signInManager.PasswordSignInAsync(
model.Username, model.Password, isPersistent : model.RememberMe, lockoutOnFailure : true);
if (result.Succeeded)
{
TempData["LoginSuccess"] = true;
// If there is a specified path to redirect to then use it.
if (model.RedirectUrl.IsNullOrWhiteSpace() == false)
{
// Validate the redirect URL.
// If it's not a local URL we'll redirect to the root of the current site.
return(Redirect(Url.IsLocalUrl(model.RedirectUrl)
? model.RedirectUrl
: CurrentPage !.AncestorOrSelf(1) !.Url(PublishedUrlProvider)));
}
// Redirect to current URL by default.
// This is different from the current 'page' because when using Public Access the current page
// will be the login page, but the URL will be on the requested page so that's where we need
// to redirect too.
return(RedirectToCurrentUmbracoUrl());
}
if (result.RequiresTwoFactor)
{
MemberIdentityUser attemptedUser = await _memberManager.FindByNameAsync(model.Username);
if (attemptedUser == null)
{
return(new ValidationErrorResult(
$"No local member found for username {model.Username}"));
}
var providerNames = await _twoFactorLoginService.GetEnabledTwoFactorProviderNamesAsync(attemptedUser.Key);
ViewData.SetTwoFactorProviderNames(providerNames);
}
else if (result.IsLockedOut)
{
ModelState.AddModelError("loginModel", "Member is locked out");
}
else if (result.IsNotAllowed)
{
ModelState.AddModelError("loginModel", "Member is not allowed");
}
else
{
ModelState.AddModelError("loginModel", "Invalid username or password");
}
return(CurrentUmbracoPage());
}
