feat: duende version

Template.Duende.csproj

@@ -0,0 +1,23 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <PackageType>Template</PackageType>
+    <PackageVersion>1.0</PackageVersion>
+    <PackageId>TheIdServer.Duende.Template</PackageId>
+    <Title>TheIdServer Duende IdentityServer Template</Title>
+    <Authors>Olivier Lefebvre</Authors>
+    <Description>Template to create a TheIdServer for Duende IdentityServer solution.</Description>
+    <PackageTags>dotnet-new;templates;theidserver;duende-identityserver;oidc;ws-federation;oauth;identity;authentication;security;iam</PackageTags>
+    <TargetFramework>net5.0</TargetFramework>
+
+    <IncludeContentInPack>true</IncludeContentInPack>
+    <IncludeBuildOutput>false</IncludeBuildOutput>
+    <ContentTargetFolders>content</ContentTargetFolders>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="TheIdServer.Duende\**\*" Exclude="TheIdServer.Duende\**\bin\**;TheIdServer\**\obj\**;TheIdServer.Duende\**\*.csproj.user;TheIdServer.Duende\**\.vs\**;TheIdServer.Duende\**\TIS.db;TheIdServer\**\update-dependencies.ps1;TheIdServer\**\update-dependencies.cmd;TheIdServer.Duende\TheIdServer.sln.licenseheader" />
+    <Compile Remove="**\*" />
+  </ItemGroup>
+
+</Project>

Template.csproj → Template.IS4.csproj

@@ -3,10 +3,10 @@
   <PropertyGroup>
     <PackageType>Template</PackageType>
     <PackageVersion>1.0</PackageVersion>
-    <PackageId>TheIdServer.Template</PackageId>
-    <Title>TheIdServer Template</Title>
+    <PackageId>TheIdServer.IS4.Template</PackageId>
+    <Title>TheIdServer identityserver4 Template</Title>
     <Authors>Olivier Lefebvre</Authors>
-    <Description>Template to create a TheIdServer solution.</Description>
+    <Description>Template to create a TheIdServer for identityserver4 solution.</Description>
     <PackageTags>dotnet-new;templates;theidserver;identityserver4;oidc;ws-federation;oauth;identity;authentication;security;iam</PackageTags>
     <TargetFramework>net5.0</TargetFramework>
 
@@ -16,7 +16,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <Content Include="TheIdServer\**\*" Exclude="TheIdServer\**\bin\**;TheIdServer\**\obj\**;TheIdServer\**\*.csproj.user;TheIdServer\**\.vs\**;TheIdServer\**\TIS.db;TheIdServer\**\update-dependencies.ps1;TheIdServer\**\update-dependencies.cmd;TheIdServer\TheIdServer.sln.licenseheader" />
+    <Content Include="TheIdServer.IS4\**\*" Exclude="TheIdServer.IS4\**\bin\**;TheIdServer\**\obj\**;TheIdServer.IS4\**\*.csproj.user;TheIdServer.IS4\**\.vs\**;TheIdServer.IS4\**\TIS.db;TheIdServer\**\update-dependencies.ps1;TheIdServer\**\update-dependencies.cmd;TheIdServer.IS4\TheIdServer.sln.licenseheader" />
     <Compile Remove="**\*" />
   </ItemGroup>
 

TheIdServer.Duende/.template.config/template.json

@@ -0,0 +1,51 @@
+{
+  "$schema": "http://json.schemastore.org/TIS.Duende",
+  "author": "Olivier Lefebvre",
+  "classifications": ["TheIdServer"],
+  "name": "TheIdServer.Duende",
+  "identity": "TheIdServer.Duende",
+  "shortName": "tisduende",
+  "tags": {
+    "language": "C#"
+  },
+  "sourceName": "TIS",
+  "preferNameDirectory": true,
+  "symbols": {
+    "skipRestore": {
+      "type": "parameter",
+      "datatype": "bool",
+      "description": "Skip restore packages",
+      "defaultValue": "false"
+    }
+  },
+  "sources": [    
+    {
+      "modifiers": [
+        {
+          "exclude": [
+            ".vs/**",
+            ".git/**", 
+            "doc/**", 
+            "coverage/**", 
+            "ReportGenerator/**", 
+            "**/TestResults/**"
+          ]
+        }
+      ]
+    }    
+  ],
+  "primaryOutputs": [
+    {
+      "path": "TIS.sln"
+    }
+  ],
+  "postActions": [{
+    "condition": "(!skipRestore)",
+    "description": "Restore NuGet packages required by this project.",
+    "manualInstructions": [
+      { "text": "Run 'dotnet restore'" }
+    ],
+    "actionId": "210D431B-A78B-4D2F-B762-4ED3E3EA9025",
+    "continueOnError": true
+  }]
+}

TheIdServer/TIS.sln → TheIdServer.Duende/TIS.sln

@@ -1,12 +1,10 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.30709.64
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31710.8
 MinimumVisualStudioVersion = 15.0.26124.0
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{32C08CAA-5B35-4960-83FE-0829B47E8014}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS", "src\TIS\TIS.csproj", "{17E655FC-40AC-4A10-8BC1-169971FFAE82}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS.BlazorApp", "src\TIS.BlazorApp\TIS.BlazorApp.csproj", "{B9AA421E-C595-49EE-BDA4-D286CA0FC5CF}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{8FD1B9F7-E1B1-44CC-816B-18089DD3604B}"
@@ -15,9 +13,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebAssembly.Net.Http", "tes
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Components.Testing", "test\Microsoft.AspNetCore.Components.Testing\Microsoft.AspNetCore.Components.Testing.csproj", "{836C7CFC-A17D-4D25-924B-2A6683F9546D}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS.IntegrationTest", "test\TIS.IntegrationTest\TIS.IntegrationTest.csproj", "{149F2471-4BBA-4E6F-A6A6-69320C2109A5}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS", "src\TIS\TIS.csproj", "{D466CE28-FCD6-4DE6-B045-08C129EB45B7}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS.Test", "test\TIS.Test\TIS.Test.csproj", "{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS.Test", "test\TIS.Test\TIS.Test.csproj", "{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TIS.IntegrationTest", "test\TIS.IntegrationTest\TIS.IntegrationTest.csproj", "{412BBD3A-26FC-49E7-A548-353740F94E44}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -29,18 +29,6 @@ Global
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Debug|x64.Build.0 = Debug|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Debug|x86.Build.0 = Debug|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Release|Any CPU.Build.0 = Release|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Release|x64.ActiveCfg = Release|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Release|x64.Build.0 = Release|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Release|x86.ActiveCfg = Release|Any CPU
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82}.Release|x86.Build.0 = Release|Any CPU
 		{B9AA421E-C595-49EE-BDA4-D286CA0FC5CF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{B9AA421E-C595-49EE-BDA4-D286CA0FC5CF}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B9AA421E-C595-49EE-BDA4-D286CA0FC5CF}.Debug|x64.ActiveCfg = Debug|Any CPU
@@ -77,41 +65,53 @@ Global
 		{836C7CFC-A17D-4D25-924B-2A6683F9546D}.Release|x64.Build.0 = Release|Any CPU
 		{836C7CFC-A17D-4D25-924B-2A6683F9546D}.Release|x86.ActiveCfg = Release|Any CPU
 		{836C7CFC-A17D-4D25-924B-2A6683F9546D}.Release|x86.Build.0 = Release|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Debug|x64.Build.0 = Debug|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Debug|x86.Build.0 = Debug|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Release|Any CPU.Build.0 = Release|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Release|x64.ActiveCfg = Release|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Release|x64.Build.0 = Release|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Release|x86.ActiveCfg = Release|Any CPU
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5}.Release|x86.Build.0 = Release|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Debug|x64.Build.0 = Debug|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Debug|x86.Build.0 = Debug|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Release|Any CPU.Build.0 = Release|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Release|x64.ActiveCfg = Release|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Release|x64.Build.0 = Release|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Release|x86.ActiveCfg = Release|Any CPU
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D}.Release|x86.Build.0 = Release|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Debug|x64.Build.0 = Debug|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Debug|x86.Build.0 = Debug|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Release|x64.ActiveCfg = Release|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Release|x64.Build.0 = Release|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Release|x86.ActiveCfg = Release|Any CPU
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7}.Release|x86.Build.0 = Release|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Debug|x64.Build.0 = Debug|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Debug|x86.Build.0 = Debug|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Release|x64.ActiveCfg = Release|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Release|x64.Build.0 = Release|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Release|x86.ActiveCfg = Release|Any CPU
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D}.Release|x86.Build.0 = Release|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Debug|x64.Build.0 = Debug|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Debug|x86.Build.0 = Debug|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Release|Any CPU.Build.0 = Release|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Release|x64.ActiveCfg = Release|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Release|x64.Build.0 = Release|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Release|x86.ActiveCfg = Release|Any CPU
+		{412BBD3A-26FC-49E7-A548-353740F94E44}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
-		{17E655FC-40AC-4A10-8BC1-169971FFAE82} = {32C08CAA-5B35-4960-83FE-0829B47E8014}
 		{B9AA421E-C595-49EE-BDA4-D286CA0FC5CF} = {32C08CAA-5B35-4960-83FE-0829B47E8014}
 		{9E49FAC6-B9A0-47D5-8F34-2A5AA2D8C017} = {8FD1B9F7-E1B1-44CC-816B-18089DD3604B}
 		{836C7CFC-A17D-4D25-924B-2A6683F9546D} = {8FD1B9F7-E1B1-44CC-816B-18089DD3604B}
-		{149F2471-4BBA-4E6F-A6A6-69320C2109A5} = {8FD1B9F7-E1B1-44CC-816B-18089DD3604B}
-		{B5BA10D6-C200-4AE6-943E-C7162ACC9D3D} = {8FD1B9F7-E1B1-44CC-816B-18089DD3604B}
+		{D466CE28-FCD6-4DE6-B045-08C129EB45B7} = {32C08CAA-5B35-4960-83FE-0829B47E8014}
+		{C3AFD1D7-EDF0-4149-97CC-9A1B6209391D} = {8FD1B9F7-E1B1-44CC-816B-18089DD3604B}
+		{412BBD3A-26FC-49E7-A548-353740F94E44} = {8FD1B9F7-E1B1-44CC-816B-18089DD3604B}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {96BF70D2-3F6D-44CA-89BA-5053E3BA2C26}

TheIdServer.Duende/src/TIS/Areas/Identity/Pages/Account/LoginWith2fa.cshtml.cs

@@ -0,0 +1,159 @@
+// Copyright (c) 2021 @Olivier Lefebvre. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+using Aguacongas.TheIdServer.Models;
+using Duende.IdentityServer.Events;
+using Duende.IdentityServer.Services;
+using Duende.IdentityServer.Stores;
+using IdentityServerHost.Quickstart.UI;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.Extensions.Localization;
+using Microsoft.Extensions.Logging;
+using System;
+using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
+using System.Threading.Tasks;
+using TIS.Quickstart.Account;
+
+namespace TIS.Areas.Identity.Pages.Account
+{
+    [AllowAnonymous]
+    [SuppressMessage("Minor Code Smell", "S101:Types should be named in PascalCase", Justification = "Scafolded code")]
+    public class LoginWith2faModel : PageModel
+    {
+        private readonly SignInManager<ApplicationUser> _signInManager;
+        private readonly IIdentityServerInteractionService _interaction;
+        private readonly IEventService _events;
+        private readonly IClientStore _clientStore;
+        private readonly ILogger<LoginWith2faModel> _logger;
+        private readonly IStringLocalizer _localizer;
+
+        public LoginWith2faModel(SignInManager<ApplicationUser> signInManager,
+            IIdentityServerInteractionService interaction,
+            IEventService events,
+            IClientStore clientStore,
+            ILogger<LoginWith2faModel> logger,
+            IStringLocalizer<LoginWith2faModel> localizer)
+        {
+            _signInManager = signInManager;
+            _interaction = interaction;
+            _events = events;
+            _clientStore = clientStore;
+            _logger = logger;
+            _localizer = localizer;
+        }
+
+        [BindProperty]
+        public InputModel Input { get; set; }
+
+        public bool RememberMe { get; set; }
+
+        public string ReturnUrl { get; set; }
+
+        public bool RedirectToReturnUrl { get; set; }
+
+        public class InputModel
+        {
+            [Required]
+            [StringLength(7, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
+            [DataType(DataType.Text)]
+            [Display(Name = "Authenticator code")]
+            public string TwoFactorCode { get; set; }
+
+            [Display(Name = "Remember this machine")]
+            public bool RememberMachine { get; set; }
+        }
+
+        public async Task<IActionResult> OnGetAsync(bool rememberMe, string returnUrl = null)
+        {
+            // Ensure the user has gone through the username & password screen first
+            var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
+
+            if (user == null)
+            {
+                throw new InvalidOperationException($"Unable to load two-factor authentication user.");
+            }
+
+            ReturnUrl = returnUrl;
+            RememberMe = rememberMe;
+
+            return Page();
+        }
+
+        public async Task<IActionResult> OnPostAsync(string userName, bool rememberMe, string returnUrl = null)
+        {
+            if (!ModelState.IsValid)
+            {
+                return Page();
+            }
+
+            returnUrl = returnUrl ?? Url.Content("~/");
+
+            var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
+            if (user == null)
+            {
+                throw new InvalidOperationException($"Unable to load two-factor authentication user.");
+            }
+
+            var authenticatorCode = Input.TwoFactorCode.Replace(" ", string.Empty).Replace("-", string.Empty);
+
+            var result = await _signInManager.TwoFactorAuthenticatorSignInAsync(authenticatorCode, rememberMe, Input.RememberMachine);
+
+            if (result.Succeeded)
+            {
+                _logger.LogInformation("User with ID '{UserId}' logged in with 2fa.", user.Id);
+
+                return await OnSiginSuccesss(user, returnUrl);
+            }
+            else if (result.IsLockedOut)
+            {
+                _logger.LogWarning("User with ID '{UserId}' account locked out.", user.Id);
+                return RedirectToPage("./Lockout");
+            }
+            else
+            {
+                _logger.LogWarning("Invalid authenticator code entered for user with ID '{UserId}'.", user.Id);
+                ModelState.AddModelError(string.Empty, _localizer["Invalid authenticator code."]);
+                return Page();
+            }
+        }
+
+        private async Task<IActionResult> OnSiginSuccesss(ApplicationUser user, string returnUrl)
+        {
+            var context = await _interaction.GetAuthorizationContextAsync(returnUrl).ConfigureAwait(false);
+
+            await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName, clientId: context?.Client?.ClientId));
+
+            if (context != null)
+            {
+                if (context.IsNativeClient())
+                {
+                    // if the client is PKCE then we assume it's native, so this change in how to
+                    // return the response is for better UX for the end user.
+                    RedirectToReturnUrl = true;
+                    ReturnUrl = returnUrl;
+
+                    return Page();
+                }
+
+                // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
+                return Redirect(returnUrl);
+            }
+
+            // request for a local page
+            if (Url.IsLocalUrl(returnUrl))
+            {
+                return Redirect(returnUrl);
+            }
+            else if (string.IsNullOrEmpty(returnUrl))
+            {
+                return Redirect("~/");
+            }
+
+            // user might have clicked on a malicious link - should be logged
+            throw new InvalidReturnUrlException();
+        }
+    }
+}