public ActionResult Index(LoginInputModel model) { if (ModelState.IsValid) { if (this.userAccountService.Authenticate(model.Username, model.Password)) { authSvc.SignIn(model.Username); if (userAccountService.IsPasswordExpired(model.Username)) { return RedirectToAction("Index", "ChangePassword"); } else { if (Url.IsLocalUrl(model.ReturnUrl)) { return Redirect(model.ReturnUrl); } else { return RedirectToAction("Index", "Home"); } } } else { ModelState.AddModelError("", "Invalid Username or Password"); } } return View(model); }
public ActionResult Index(LoginInputModel model) { if (ModelState.IsValid) { BrockAllen.MembershipReboot.UserAccount account; if (userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out account)) { authSvc.SignIn(account); if (account.RequiresTwoFactorAuthCodeToSignIn) { return View("TwoFactorAuth"); } if (userAccountService.IsPasswordExpired(account)) { return RedirectToAction("Index", "ChangePassword"); } if (Url.IsLocalUrl(model.ReturnUrl)) { return Redirect(model.ReturnUrl); } return RedirectToAction("Index", "Home"); } else { ModelState.AddModelError("", "Invalid Username or Password"); } } return View(model); }
public ActionResult Index(LoginInputModel model) { if (ModelState.IsValid) { BrockAllen.MembershipReboot.UserAccount account; if (userAccountService.AuthenticateWithUsernameOrEmail(model.Username, model.Password, out account)) { authSvc.SignIn(account, model.RememberMe); if (account.RequiresTwoFactorAuthCodeToSignIn()) { return RedirectToAction("TwoFactorAuthCodeLogin"); } if (account.RequiresTwoFactorCertificateToSignIn()) { return RedirectToAction("CertificateLogin"); } if (account.RequiresPasswordReset) { // this might mean many things -- // it might just mean that the user should change the password, // like the expired password below, so we'd just redirect to change password page // or, it might mean the DB was compromised, so we want to force the user // to reset their password but via a email token, so we'd want to // let the user know this and invoke ResetPassword and not log them in // until the password has been changed //userAccountService.ResetPassword(account.ID); // so what you do here depends on your app and how you want to define the semantics // of the RequiresPasswordReset property } if (userAccountService.IsPasswordExpired(account)) { return RedirectToAction("Index", "ChangePassword"); } if (Url.IsLocalUrl(model.ReturnUrl)) { return Redirect(model.ReturnUrl); } return RedirectToAction("Index", "Home"); } else { ModelState.AddModelError("", "Invalid Username or Password"); } } return View(model); }