public async Task <ActionResult> SignIn(AuthenticatePasswordInputModel model, string action, string leaveBlank)
        {
            if (leaveBlank != null)
            {
                ViewBag.Message = "You appear to be a spambot";
            }
            else if (model.Username != null && (action == "getcode" || (action != "signin" && model.Password == null)))
            {
                ModelState.ClearValidationState("Password");
                var input = new SendCodeInputModel()
                {
                    Username = model.Username,
                    NextUrl  = model.NextUrl
                };
                var response = await _authenticateOrchestrator.SendOneTimeCodeAsync(input);

                ViewBag.Message = response.Message;
            }
            else if (ModelState.IsValid)
            {
                var response = await _authenticateOrchestrator.AuthenticateAsync(model);

                if (response.StatusCode == 301)
                {
                    await _authenticateOrchestrator.SignInUserAsync(HttpContext, model.Username, model.StaySignedIn);

                    return(Redirect(response.RedirectUrl));
                }
                ViewBag.Message = response.Message;
            }
            return(View(model));
        }
        private async Task <IActionResult> SignInAndReturnAsync(string username, bool staySignedIn, string nextUrl)
        {
            await _authenticateOrchestrator.SignInUserAsync(HttpContext, username, staySignedIn);

            return(new JsonResult(new
            {
                Message = (string)null,
                NextUrl = nextUrl
            }));
        }