public async Task<IHttpActionResult> LoginLocal(LoginCredentials model)
        {
            Logger.Info("Login page submitted");

            if (model == null)
            {
                Logger.Error("no data submitted");
                return RenderLoginPage(Messages.InvalidUsernameOrPassword);
            }

            if (!ModelState.IsValid)
            {
                Logger.Warn("validation error: username or password missing");
                return RenderLoginPage(ModelState.GetError(), model.Username);
            }

            var authResult = await _userService.AuthenticateLocalAsync(model.Username, model.Password);
            if (authResult == null)
            {
                Logger.WarnFormat("user service indicated incorrect username or password for username: {0}", model.Username);
                return RenderLoginPage(Messages.InvalidUsernameOrPassword, model.Username);
            }

            if (authResult.IsError)
            {
                Logger.WarnFormat("user service returned an error message: {0}", authResult.ErrorMessage);
                return RenderLoginPage(authResult.ErrorMessage, model.Username);
            }

            return SignInAndRedirect(
                 authResult,
                 Constants.AuthenticationMethods.Password,
                 Constants.BuiltInIdentityProvider);
        }
        public async Task<IHttpActionResult> LoginLocal(LoginCredentials model)
        {
            logger.Start("[AuthenticationController.LoginLocal] called");

            if (model == null)
            {
                logger.Verbose("[AuthenticationController.LoginLocal] no model");
                return RenderLoginPage(Messages.InvalidUsernameOrPassword);
            }

            if (!ModelState.IsValid)
            {
                logger.Verbose("[AuthenticationController.LoginLocal] model not valid");
                return RenderLoginPage(ModelState.GetError(), model.Username);
            }

            var authResult = await userService.AuthenticateLocalAsync(model.Username, model.Password);
            if (authResult == null)
            {
                logger.Verbose("[AuthenticationController.LoginLocal] authenticate returned null");
                return RenderLoginPage(Messages.InvalidUsernameOrPassword, model.Username);
            }

            if (authResult.IsError)
            {
                logger.Verbose("[AuthenticationController.LoginLocal] authenticate returned an error message");
                return RenderLoginPage(authResult.ErrorMessage, model.Username);
            }

            return SignInAndRedirect(
                 authResult,
                 Constants.AuthenticationMethods.Password,
                 Constants.BuiltInIdentityProvider);
        }
        public async Task <IHttpActionResult> LoginLocal(string signin, LoginCredentials model)
        {
            Logger.Info("Login page submitted");

            if (this._options.AuthenticationOptions.EnableLocalLogin == false)
            {
                Logger.Warn("EnableLocalLogin disabled -- returning 405 MethodNotAllowed");
                return(StatusCode(HttpStatusCode.MethodNotAllowed));
            }

            if (signin.IsMissing())
            {
                Logger.Error("No signin id passed");
                return(RenderErrorPage());
            }

            var cookie        = new SignInMessageCookie(Request.GetOwinContext(), this._options);
            var signInMessage = cookie.Read(signin);

            if (signInMessage == null)
            {
                Logger.Error("No cookie matching signin id found");
                return(RenderErrorPage());
            }

            if (model == null)
            {
                Logger.Error("no data submitted");
                return(await RenderLoginPage(signInMessage, Messages.InvalidUsernameOrPassword));
            }

            // the browser will only send 'true' if ther user has checked the checkbox
            // it will pass nothing if the user does not check the checkbox
            // this check here is to establish if the user deliberatly did not check the checkbox
            // or if the checkbox was not presented as an option (and thus AllowRememberMe is not allowed)
            // true means they did check it, false means they did not, null means they were not presented with the choice
            if (_options.AuthenticationOptions.CookieOptions.AllowRememberMe)
            {
                if (model.RememberMe != true)
                {
                    model.RememberMe = false;
                }
            }
            else
            {
                model.RememberMe = null;
            }

            if (!ModelState.IsValid)
            {
                Logger.Warn("validation error: username or password missing");
                return(await RenderLoginPage(signInMessage, ModelState.GetError(), model.Username, model.RememberMe == true));
            }

            var authResult = await _userService.AuthenticateLocalAsync(model.Username, model.Password, signInMessage);

            if (authResult == null)
            {
                Logger.WarnFormat("user service indicated incorrect username or password for username: {0}", model.Username);
                return(await RenderLoginPage(signInMessage, Messages.InvalidUsernameOrPassword, model.Username, model.RememberMe == true));
            }

            if (authResult.IsError)
            {
                Logger.WarnFormat("user service returned an error message: {0}", authResult.ErrorMessage);
                return(await RenderLoginPage(signInMessage, authResult.ErrorMessage, model.Username, model.RememberMe == true));
            }

            return(SignInAndRedirect(signInMessage, authResult, model.RememberMe));
        }