public ActionResult SignIn(SignInUser signInUser)
{
try
{
ActionResult actionResult = ServiceHelper.IsAnyNullOrEmpty(signInUser);
if (actionResult.Success)
{
actionResult.Success = false;
return(actionResult);
}
ApplicationSignInManager signinManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationSignInManager>();
SignInStatus result = signinManager.PasswordSignIn(signInUser.Username, signInUser.Password, signInUser.RememberMe, false);
switch (result)
{
case SignInStatus.Success:
ApplicationUserManager userManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
ApplicationUser user = userManager.Find(signInUser.Username, signInUser.Password);
if (!userManager.IsEmailConfirmed(user.Id))
{
return(new ActionResult {
Success = false, Message = "You need to confirm your email."
});
}
IAuthenticationManager authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
ClaimsIdentity userIdentity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties {
IsPersistent = signInUser.RememberMe
}, userIdentity);
string token = Security.GenerateSecurityToken(user.Id, signInUser.Username, user.Email);
return(new ActionResult
{
Success = true,
Message = token
});
case SignInStatus.LockedOut:
userManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
user = userManager.FindByName(signInUser.Username);
user.LockoutEnabled = true;
userManager.Update(user);
return(new ActionResult
{
Success = false,
Message = "Your account has been locked out, please contact your system administrator."
});
case SignInStatus.RequiresVerification:
return(new ActionResult
{
Success = false,
Message = "Your account has not yet been verified, please contact your system administrator."
});
case SignInStatus.Failure:
ApplicationUserManager manager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
ApplicationUser tryUser = manager.FindByName(signInUser.Username);
if (tryUser != null)
{
manager.AccessFailed(tryUser.Id);
}
return(new ActionResult
{
Success = false,
Message = "Invalid username/password combination."
});
default:
return(new ActionResult
{
Success = false,
Message = "Could not login\r\n" + result
});
}
}
catch (Exception exception)
{
Dictionary <string, string> dictionary = signInUser.ToDictionary();
ServiceHelper.LogException(exception, dictionary, ErrorSource.Authentication);
return(new ActionResult
{
Success = false,
Message = "Error, Failed to login."
});
}
}
public static RBACStatus Login(this ControllerBase controller, LoginViewModel model, ApplicationUserManager userMngr, ApplicationSignInManager signInMngr, out List <string> _errors)
{
RBACStatus _retVal = RBACStatus.Failure;
_errors = new List <string>();
try
{
var user = userMngr.FindByName(model.UserName);
if (user != null)
{
var validCredentials = userMngr.Find(model.UserName, model.Password);
if (userMngr.IsLockedOut(user.Id))
{
_errors.Add(string.Format(c_AccountLockout, GetConfigSettingAsDouble(cKey_AccountLockoutTimeSpan)));
return(RBACStatus.LockedOut);
}
else if (userMngr.GetLockoutEnabled(user.Id) && validCredentials == null)
{
userMngr.AccessFailed(user.Id);
if (userMngr.IsLockedOut(user.Id))
{
_errors.Add(string.Format(c_AccountLockout, GetConfigSettingAsDouble(cKey_AccountLockoutTimeSpan)));
return(RBACStatus.LockedOut);
}
else
{
int _attemptsLeftB4Lockout = (GetConfigSettingAsInt(cKey_MaxFailedAccessAttemptsBeforeLockout) - userMngr.GetAccessFailedCount(user.Id));
_errors.Add(string.Format(c_InvalidCredentials, _attemptsLeftB4Lockout));
return(_retVal);
}
}
else if (validCredentials == null)
{
_errors.Add(c_InvalidLogin);
return(_retVal);
}
else
{
//Valid credentials entered, we need to check whether email verification is required...
bool IsAccountVerificationRequired = GetConfigSettingAsBool(cKey_AccountVerificationRequired);
bool Is2FAEnabled = GetConfigSettingAsBool(cKey_2FAEnabled);
string DeviceType = GetConfigSetting(cKey_2FADeviceType);
if ((IsAccountVerificationRequired && DeviceType == c_EmailCode) || (Is2FAEnabled && DeviceType == c_EmailCode))
{
//Check if email verification has been confirmed!
if (!userMngr.IsEmailConfirmed(user.Id))
{
//Display error message on login page, take no further action...
_errors.Add(c_AccountEmailUnconfirmed);
return(RBACStatus.EmailUnconfirmed);
}
}
//else if (Is2FAEnabled && DeviceType == c_PhoneCode)
else if ((IsAccountVerificationRequired && DeviceType == c_PhoneCode) || (Is2FAEnabled && DeviceType == c_PhoneCode))
{
if (!userMngr.IsPhoneNumberConfirmed(user.Id))
{
_errors.Add(c_AccountPhoneNumberUnconfirmed);
return(RBACStatus.PhoneNumberUnconfirmed);
}
}
bool _userLockoutEnabled = GetConfigSettingAsBool(cKey_UserLockoutEnabled);
//Before we signin, check that our 2FAEnabled config setting agrees with the database setting for this user...
if (Is2FAEnabled != userMngr.GetTwoFactorEnabled(user.Id))
{
userMngr.SetTwoFactorEnabled(user.Id, Is2FAEnabled);
}
_retVal = (RBACStatus)signInMngr.PasswordSignIn(model.UserName, model.Password, model.RememberMe, shouldLockout: _userLockoutEnabled);
switch (_retVal)
{
case RBACStatus.Success:
{
userMngr.ResetAccessFailedCount(user.Id);
break;
}
default:
{
_errors.Add(c_InvalidLogin);
break;
}
}
}
}
else
{
_errors.Add(c_InvalidUser);
}
}
catch (Exception ex)
{
throw ex;
}
return(_retVal);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// all connections from mobile devices as well as web apps
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
var skipClaims = false;
using (var repo = new ApplicationUserManager(new UserStore <ApplicationUser>()))
using (var db = new ApplicationDbContext())
{
var identityUser = repo.Users.SingleOrDefault(u => u.UserName == context.Ticket.Identity.Name);
var potentialId = "";
if (identityUser != null)
{
potentialId = identityUser.Id;
}
this.LogInfo("Testing password.");
var query = (from dbUser in db.Users
where dbUser.Id == potentialId
select dbUser);
var user = query.SingleOrDefault();
if (user == null)
{
context.SetError("invalid_grant", "User name or password is incorrect.");
repo.AccessFailed(user.Id);
return;
}
if (!user.LockoutEnabled)
{
context.SetError("invalid_grant", "Account is disabled.");
return;
}
identity.AddClaim(_defaultClaim);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("FirstName", user.FirstName));
identity.AddClaim(new Claim("LastName", user.LastName));
identity.AddClaim(new Claim("SessionLogId", Guid.NewGuid().ToString()));
foreach (var claim in user.Claims)
{
identity.AddClaim(new Claim(claim.ClaimType, claim.ClaimValue));
}
if (user.LockoutEnabled)
{
await repo.ResetAccessFailedCountAsync(user.Id);
}
}
this.LogInfo("Successfully authenticated {0}.", identity.Name);
context.Validated(identity);
}
public IdentityLoginResult ValidateIdentityUser(string username, string password, bool shouldLockout)
{
var user = _userManager.FindByName(username);
if (user == null)
{
return new IdentityLoginResult {
CustomerLoginResults = CustomerLoginResults.MemberNotExists
}
}
;
if (_userManager.IsLockedOut(user.Id))
{
return new IdentityLoginResult {
CustomerLoginResults = CustomerLoginResults.IsLockedOut
}
}
;
var account = _accountRepository.Table.Where(x => x.Email.ToLower() == user.Email.ToLower());
if (account == null)
{
return new IdentityLoginResult {
CustomerLoginResults = CustomerLoginResults.AccountNotExists
}
}
;
if (_userManager.CheckPassword(user, password))
{
_userManager.ResetAccessFailedCount(user.Id);
var userIdentity = _userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
return(new IdentityLoginResult
{
ClaimsIdentity = userIdentity,
CustomerLoginResults = CustomerLoginResults.Successful,
});
}
if (shouldLockout)
{
_userManager.AccessFailed(user.Id);
if (_userManager.IsLockedOut(user.Id))
{
return new IdentityLoginResult {
CustomerLoginResults = CustomerLoginResults.IsLockedOut
}
}
;
}
return(new IdentityLoginResult {
CustomerLoginResults = CustomerLoginResults.WrongPassword
});
}
}
}
