public virtual LoginFormViewModel Authenticate(LoginFormViewModel input, HttpContextBase context) { input.LoginError = false; string errorRedirectUrl = GetErrorRedirectUrl(context); if (Config.Get <SecurityConfig>().AuthenticationMode == SecConfig.AuthenticationMode.Claims && ClaimsManager.CurrentAuthenticationModule.AuthenticationProtocol != "Default") { var owinContext = context.Request.GetOwinContext(); var challengeProperties = ChallengeProperties.ForLocalUser(input.UserName, input.Password, this.MembershipProvider, input.RememberMe, errorRedirectUrl); challengeProperties.RedirectUri = this.GetReturnURL(context); owinContext.Authentication.Challenge(challengeProperties, ClaimsManager.CurrentAuthenticationModule.STSAuthenticationType); } else { var redirectUrl = this.GetReturnURL(context); User user; UserLoggingReason result = SecurityManager.AuthenticateUser( this.MembershipProvider, input.UserName, input.Password, input.RememberMe, out user); if (result != UserLoggingReason.Success) { if (ClaimsManager.CurrentAuthenticationModule.AuthenticationProtocol == "Default") { errorRedirectUrl = AddErrorParameterToQuery(errorRedirectUrl); SFClaimsAuthenticationManager.ProcessRejectedUserForDefaultClaimsLogin(context, result, user, input.RememberMe, redirectUrl, errorRedirectUrl); } input.LoginError = true; } else { if (ClaimsManager.CurrentAuthenticationModule.AuthenticationProtocol == "Default") { redirectUrl = RemoveErrorParameterFromQuery(redirectUrl); } input.RedirectUrlAfterLogin = redirectUrl; SystemManager.CurrentHttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { RedirectUri = redirectUrl }); } } return(input); }