public async Task <IHttpActionResult> SignIn(LoginViewModel model) { if (!ModelState.IsValid) { return(BadRequest()); } var user = _userManager.Find(model.UserName, model.Password); if (user == null) { return(BadRequest()); } Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie); ClaimsIdentity oAuthIdentity = await _userManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType); ClaimsIdentity cookieIdentity = await _userManager.CreateIdentityAsync(user, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = await CreateInitialRefreshToken(model.ClientId, user, oAuthIdentity); properties.IsPersistent = model.IsPersistance; Authentication.SignIn(properties, oAuthIdentity, cookieIdentity); await _userManager.AddLoginAsync(user.Id, new UserLoginInfo(AuthenticationConstants.InternalLoginProvider, user.Id)); return(Ok()); }