public async Task <ActionResult> Login(LoginView loginView) { try { if (ModelState.IsValid) { string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2( password: loginView.Clave, salt: System.Text.Encoding.ASCII.GetBytes(config["Salt"]), prf: KeyDerivationPrf.HMACSHA1, iterationCount: 1000, numBytesRequested: 256 / 8)); var p = repo.GetByEmail(loginView.Email); if (p == null || p.Clave != hashed) { ViewBag.Mensaje = "Datos inválidos"; return(View()); } var claims = new List <Claim> { new Claim(ClaimTypes.Name, p.Email), //new Claim(ClaimTypes.Name, p.Nombre), //new Claim(ClaimTypes.Email, p.Email), new Claim("Identity", p.IdPropietario.ToString()), new Claim(ClaimTypes.Role, p.IdPropietario < 10 ? "RolAdmin" : "RolEmpresa"), }; var claimsIdentity = new ClaimsIdentity( claims, CookieAuthenticationDefaults.AuthenticationScheme); var authProperties = new AuthenticationProperties { //AllowRefresh = <bool>, // Refreshing the authentication session should be allowed. AllowRefresh = true, //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10), // The time at which the authentication ticket expires. A // value set here overrides the ExpireTimeSpan option of // CookieAuthenticationOptions set with AddCookie. //IsPersistent = true, // Whether the authentication session is persisted across // multiple requests. When used with cookies, controls // whether the cookie's lifetime is absolute (matching the // lifetime of the authentication ticket) or session-based. //IssuedUtc = <DateTimeOffset>, // The time at which the authentication ticket was issued. //RedirectUri = <string> // The full path or absolute URI to be used as an http // redirect response value. }; await HttpContext.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties); return(RedirectToAction("Index")); } else { return(View());//Ver mensaje a devolver } } catch (Exception ex) { ViewBag.Error = ex.Message; ViewBag.StackTrate = ex.StackTrace; return(View()); } }