When a login fails, I wish to know if it was the username, the password or something else.
var signinResult = await _signInManager.PasswordSignInAsync(
loginViewModel.UserName,
loginViewModel.Password,
false, false);
returns SignInResult which just tells me that it's NotAllowed.
Can I get a more meaningful reason from Identity somehow?
NotAllowed means either the Email or Phone Number have't been confirmed (and confirmation is required). You can check this explicitly with something like the following (assuming you have a UserManager instance from DI):
await _userManager.IsEmailConfirmedAsync(user);
await _userManager.IsPhoneNumberConfirmedAsync(user);
To use either of those two functions, you'll need the user:
var user = await _userManager.FindByNameAsync(loginViewModel.UserName);
To determine whether it was the username or the password that failed, you'll need to first check IsLockedOut, IsNotAllowed and RequiresTwoFactor. If all of these return false, the username or password is incorrect. In order to determine which of these is the problem, you can check the return value from await _userManager.FindByNameAsync(user). Here's a complete example:
var signinResult = await _signInManager.PasswordSignInAsync(
loginViewModel.UserName, loginViewModel.Password, false, false);
var user = await _userManager.FindByNameAsync(loginViewModel.UserName);
if (signinResult.IsNotAllowed)
{
if (!await _userManager.IsEmailConfirmedAsync(user))
{
// Email isn't confirmed.
}
if (!await _userManager.IsPhoneNumberConfirmedAsync(user))
{
// Phone Number isn't confirmed.
}
}
else if (signinResult.IsLockedOut)
{
// Account is locked out.
}
else if (signinResult.RequiresTwoFactor)
{
// 2FA required.
}
else
{
// Username or password is incorrect.
if (user == null)
{
// Username is incorrect.
}
else
{
// Password is incorrect.
}
}