Login

Page Purpose: User authentication - Primary entry point to the application.
User Context: Any visitor needing to access their account.
Next Steps: After login → User Dashboard (role-based routing)

After successful login, users are routed based on their role:

• Client: → User Dashboard
• Reviewer: → Reviewer Dashboard
• Admin: → Admin Dashboard
• System Admin: → Institutions Management

Client-side validation:

• Email: Required, valid email format
• Password: Required, minimum 6 characters

Server-side validation:

• Email exists in database
• Password matches hashed password
• Account is not locked/disabled
• Two-factor authentication check (if enabled)

Error messages:

• "Invalid email or password"
• "Account locked - contact support"
• "Please verify your email before logging in"

• Remember Me: Sets persistent cookie (30 days)
• Return URL: Redirects to originally requested page after login
• Failed Login Attempts: Locks account after 5 failed attempts
• Security: Uses HTTPS, anti-CSRF tokens, rate limiting

AspNetUsers Table Fields Used:

• Email (username)
• PasswordHash
• EmailConfirmed
• LockoutEnabled
• AccessFailedCount
• TwoFactorEnabled

Related Tables:

• AspNetUserRoles (determines post-login route)
• AspNetUserLogins (external login associations)