/// <summary>
/// Handles a submitted login form: attempts a password sign-in and, on
/// success, redirects either to the requested return URL or to Home/Index.
/// </summary>
/// <param name="model">Posted credentials, the "remember me" flag and the optional return URL.</param>
/// <returns>
/// A redirect when sign-in succeeds; otherwise the login view re-rendered with
/// a single generic error, so the response does not say which part of the
/// credentials was wrong.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible
// on this action in the listing - confirm they are present in the real controller.
public async Task<IActionResult> Login(LoginViewModel model)
{
    if (ModelState.IsValid)
    {
        // NOTE(review): assuming _signManager is ASP.NET Core Identity's SignInManager,
        // the trailing `false` is lockoutOnFailure, i.e. failed attempts are not counted
        // towards account lockout. Confirm that password guessing is throttled elsewhere
        // or consider enabling lockout.
        var signIn = await _signManager.PasswordSignInAsync(
            model.Username,
            model.Password,
            model.Remember,
            false);

        if (signIn.Succeeded)
        {
            var target = model.ReturnUrl;

            // ReturnUrl is client-supplied. Only follow it when it is a local URL;
            // redirecting to an arbitrary address would be an open redirect, which
            // exposes users to phishing.
            if (string.IsNullOrEmpty(target) || !Url.IsLocalUrl(target))
            {
                return RedirectToAction("Index", "Home");
            }

            return Redirect(target);
        }
    }

    // Reached for invalid model state and for any unsuccessful sign-in result.
    ModelState.AddModelError("", "Invalid login attempt.");
    return View(model);
}
/// <summary>
/// Renders the login form, carrying the requested return URL along in the view model.
/// </summary>
/// <param name="returnUrl">
/// URL to return to after a successful login. It is caller-supplied and is not
/// validated here; the POST Login action checks it with Url.IsLocalUrl before
/// redirecting.
/// </param>
/// <returns>The login view bound to a fresh <c>LoginViewModel</c>.</returns>
public IActionResult Login(string returnUrl = "")
{
    // Treat ReturnUrl as untrusted input wherever the view uses it.
    return View(new LoginViewModel { ReturnUrl = returnUrl });
}