Identity 2.0 Invalid Login Attempt

In class AccountController.cs, method: public async Task<ActionResult> Login(LoginViewModel model, string returnUrl). Modified this:

var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);

To this:

try
{
    var user = db.Users.Where(u => u.Email.Equals(model.Email)).Single(); // where db is ApplicationDbContext instance
    var result = await SignInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberMe, shouldLockout: false);
}
catch (InvalidOperationException)
{
    // the user is not exist
}

The reason is UserName and UserEmail have different values but method PasswordSignInAsync only uses UserName to check for log in.


I had the same issue but found the solution to be a combination of both the accepted answer by Marcin and the answer by Hai. In AccountController.cs you need to use FindByEmailAsync(), instead of FindByNameAsync(), then use SignInManager.PasswordSignInAsync() but use the value of user.UserName as the first argument (as long as user is not null), instead of model.Email. So a complete answer, based on the current boiler plate code, would be something like this:

    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        // (...) ModelState.IsValid, etc

        string user_name = ""; // in case 'user' is null (user not found)
        var user = await UserManager.FindByEmailAsync(model.Email);

        if (user != null)
        {
            user_name = user.UserName;

            if (!await UserManager.IsEmailConfirmedAsync(user.Id))
            {
                // (...) Require the user to have a confirmed email before they can log on, etc
            }
        }

        // don't use model.Email below, use the value from user.UserName (if user not null)
        var result = await SignInManager.PasswordSignInAsync(user_name, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            // (...)

You have to modify SignInHelper.PasswordSignIn method. By default it uses FindByNameAsync to check if user with given name exists:

public async Task<SignInStatus> PasswordSignIn(string userName, string password, bool isPersistent, bool shouldLockout)
{
    var user = await UserManager.FindByNameAsync(userName);
    // (...)

change it to use FindByEmailAsync:

    var user = await UserManager.FindByEmailAsync(userName);

You can find SignInHelper class in *AppCode\IdentityConfig.cs` file.


You can try change to bool value in Startup.cs file in your project. "true->false" In this line, services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = false)

Tags:

C#

Asp.Net Mvc 5

Asp.Net Identity 2

Recent Posts